CompTIA Security+ (SY0-501) — Question 345

A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach.
Which of the following is MOST likely the cause?

Answer options

• A. Insufficient key bit length
• B. Weak cipher suite
• C. Unauthenticated encryption method
• D. Poor implementation

Correct answer: D

Explanation

The correct answer is D because a poor implementation can lead to vulnerabilities that allow breaches, even with strong cryptographic algorithms in place. Options A, B, and C refer to weaknesses in key length or cipher choice, but the server was configured with strong settings, making implementation flaws the most likely cause of the breach.