CompTIA CySA+ (CS0-001) — Question 52

During the forensic a phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potential remediation?

Answer options

• A. Session hijacking; network intrusion detection sensors
• B. Cross-site scripting; increased encryption key sizes
• C. Man-in-the-middle; well-controlled storage of private keys
• D. Rootkit; controlled storage of public keys

Correct answer: C

Explanation

The correct answer is C, as this scenario describes a Man-in-the-middle attack where the attacker intercepts communication using stolen private keys. The recommended remediation is to ensure that private keys are stored securely to prevent unauthorized access. Options A, B, and D describe different attacks or remediation techniques that do not apply to this situation.