Certified Ethical Hacker (CEH v12) — Question 186

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

Answer options

• A. Implement IPsec in addition to SSL/TLS.
• B. Switch to using SSH for data transmission.
• C. Encrypt data using the AES algorithm before transmission.
• D. Use the cloud service provider's built-in encryption services.

Correct answer: A

Explanation

The correct answer is A because implementing IPsec in addition to SSL/TLS provides an extra layer of security, including tamper detection. Options B and C do not inherently provide tamper detection, while D relies solely on the cloud service provider's solutions, which may not meet all security requirements.