nerdexam
Exams312-50V9Questions#25
EC-Council

312-50V9 · Question #25

312-50V9 Question #25: Real Exam Question with Answer & Explanation

The correct answer is A: Private. The data obtained by a Heartbleed attack may include unencrypted exchanges between TLS parties likely to be confidential, including any form post data in users' requests. Moreover, the confidential data exposed could include authentication secrets such as session cookies and pass

Question

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options

  • APrivate
  • BPublic
  • CShared
  • DRoot

Explanation

The data obtained by a Heartbleed attack may include unencrypted exchanges between TLS parties likely to be confidential, including any form post data in users' requests. Moreover, the confidential data exposed could include authentication secrets such as session cookies and passwords, which might allow attackers to impersonate a user of the service. An attack may also reveal private keys of compromised parties. https://en.wikipedia.org/wiki/Heartbleed

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice