nerdexam
Isaca

CDPSE · Question #205

Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?

The correct answer is A. Private key exposure. Private key exposure (A) has the greatest privacy impact because private keys are the cryptographic foundation of asymmetric encryption - exposing one compromises all data encrypted with the corresponding public key, enables impersonation, and invalidates digital signatures retro

Privacy Architecture

Question

Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?

Options

  • APrivate key exposure
  • BPoor patch management
  • CLack of password complexity
  • DOut-of-date antivirus signatures

How the community answered

(55 responses)
  • A
    55% (30)
  • B
    25% (14)
  • C
    5% (3)
  • D
    15% (8)

Explanation

Private key exposure (A) has the greatest privacy impact because private keys are the cryptographic foundation of asymmetric encryption - exposing one compromises all data encrypted with the corresponding public key, enables impersonation, and invalidates digital signatures retroactively. An attacker with your private key can silently decrypt every past and future communication, giving them complete, undetected access to sensitive information at scale.

B (Poor patch management) creates vulnerabilities but doesn't directly expose data - it widens the attack surface, requiring an additional exploit step. C (Weak passwords) risks account takeover but is limited in scope; it also has mitigations like MFA and lockout policies. D (Out-of-date AV) leaves systems exposed to known malware but is similarly indirect and relies on a successful infection occurring first.

Memory tip: Think of a private key like the master key to a safe-deposit vault - whoever holds it owns everything inside, forever. The other options are like leaving a window unlocked; the private key is like handing over the key to the building.

Topics

#Cryptographic key exposure#Private key management#Data encryption protection#Vulnerability assessment

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice