312-50V13 · Question #507
312-50V13 Question #507: Real Exam Question with Answer & Explanation
The correct answer is A: Implement IPsec in addition to SSL/TLS.
Question
You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud-based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you also want to implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?
Options
- A. Implement IPsec in addition to SSL/TLS.
- B. Switch to using SSH for data transmission.
- C. Use the cloud service provider's built-in encryption services.
- D. Encrypt data using the AES algorithm before transmission.
Explanation
Option A is correct because IPsec (Internet Protocol Security) operates at the network layer and provides both encryption and data integrity verification through mechanisms like HMAC (Hash-based Message Authentication Codes), which detects tampering during transmission - this complements SSL/TLS's application-layer protection by adding an additional layer of tamper-detection at the network level.
The distractors are wrong because:
- B (SSH) is designed for secure remote access and command execution, not general application data transmission, and doesn't add tamper-detection beyond what SSL/TLS already provides.
- C (Cloud provider's built-in encryption) typically addresses data-at-rest encryption, not transit-level tamper detection.
- D (AES encryption) is a symmetric encryption algorithm that protects confidentiality but does not include integrity-checking or tamper-detection capabilities by itself.
Memory Tip: Think "IPsec = Integrity Protection" - the "sec" in IPsec stands for security, which covers both confidentiality AND integrity, making it the perfect partner to SSL/TLS when tamper-detection is your specific concern. When an exam question mentions detecting tampering in transit, look for a solution that explicitly provides integrity verification at the network layer.