Certified Ethical Hacker (CEH v13) — Question 59

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

Answer options

• A. Implement IPsec in addition to SSL/TLS.
• B. Switch to using SSH for data transmission.
• C. Encrypt data using the AES algorithm before transmission.
• D. Use the cloud service provider's built-in encryption services.

Correct answer: A

Explanation

The correct answer is A, as implementing IPsec alongside SSL/TLS adds an additional layer of security and provides integrity checks to ensure that the data has not been tampered with during transmission. Option B is incorrect because SSH is typically used for remote access and not for general data transmission. Option C, while it involves encryption, does not address the need for tamper detection during transmission. Option D does not fulfill the requirement for an additional mechanism to verify data integrity.