nerdexam
(ISC)2

CISSP · Question #904

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third p

The correct answer is A. Diffle-Hellman (DH) algorithm. The vulnerability described in the question relates to a hard-coded session key in both the client and server applications, which is a security risk. Hard-coding cryptographic keys in source code exposes them to potential attackers who could extract them through reverse engineeri

Submitted by chen.hong· Mar 5, 2026Security Architecture and Engineering

Question

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Options

  • ADiffle-Hellman (DH) algorithm
  • BElliptic Curve Cryptography (ECC) algorithm
  • CDigital Signature algorithm (DSA)
  • DRivest-Shamir-Adleman (RSA) algorithm

How the community answered

(38 responses)
  • A
    66% (25)
  • B
    21% (8)
  • C
    8% (3)
  • D
    5% (2)

Explanation

The vulnerability described in the question relates to a hard-coded session key in both the client and server applications, which is a security risk. Hard-coding cryptographic keys in source code exposes them to potential attackers who could extract them through reverse engineering or other The Diffie-Hellman (DH) algorithm is the most effective way to mitigate this vulnerability. DH is a key exchange algorithm that allows two parties (the client and the server) to securely establish a shared session key over an insecure channel, without ever transmitting the key itself. This means that, instead of hard-coding a session key, the client and server can use DH to dynamically generate the session key during the connection establishment, which is much more secure. Once the session key is generated via DH, it can be used for encrypting the communication between the client and server, and because the key is not hard-coded, it eliminates the vulnerability of key exposure.

Topics

#Key exchange#Diffie-Hellman#Cryptography#Hard-coded keys

Community Discussion

No community discussion yet for this question.

Full CISSP Practice