CompTIA Security+ (SY0-701) — Question 436

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Choose two.)

Answer options

• A. Tokenization
• B. Cryptographic downgrade
• C. SSH tunneling
• D. Segmentation
• E. Patch installation
• F. Data masking

Correct answer: C, D

Explanation

SSH tunneling (C) creates a secure channel for data transmission, effectively encrypting the data that travels over the unsecure protocol. Segmentation (D) can limit the exposure of sensitive data by isolating the legacy system from other network segments, reducing the risk of unauthorized access. The other options either do not provide adequate protection or are not suitable for this scenario.