nerdexam
EC-Council

312-50V10 · Question #814

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plai

The correct answer is B. HTTPS. HTTPS uses TLS encryption combined with digital certificates to protect data in transit, preventing credential exposure and session hijacking.

Cryptography

Question

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

Options

  • AFTP
  • BHTTPS
  • CFTPS
  • DIP

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    87% (46)
  • C
    4% (2)
  • D
    8% (4)

Why each option

HTTPS uses TLS encryption combined with digital certificates to protect data in transit, preventing credential exposure and session hijacking.

AFTP

FTP (File Transfer Protocol) transmits credentials and file data in plaintext with no encryption, which is the exact vulnerability Bella is trying to fix, not the solution.

BHTTPSCorrect

HTTPS (HTTP Secure) wraps standard HTTP traffic inside a TLS session, which uses digital certificates issued by a Certificate Authority to authenticate the server and negotiate an encrypted channel. This directly addresses both the plaintext transmission of usernames and passwords and the session hijacking risk, because all data including session tokens is encrypted end-to-end.

CFTPS

FTPS (FTP Secure) adds TLS to the FTP protocol for secure file transfers, but it is a file transfer protocol and does not address general web application session traffic where session hijacking occurs.

DIP

IP (Internet Protocol) is a Layer 3 routing protocol that handles packet addressing and forwarding; it provides no encryption, authentication, or session-level security.

Concept tested: HTTPS protocol - TLS encryption and digital certificates

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

Topics

#HTTPS#digital certificates#encryption in transit#secure protocols

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice