CompTIA Security Plus Mock Test Q838

A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data centers. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is in transit. Which of the following represents the BEST cryptographic solution?

A. Driving a van full of Micro SD cards from data center to data center to transfer data
B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D. Using PKI to encrypt each file and transferring them via an Internet-based FTP or cloud server


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
A virtual private network (VPN) is an encrypted communication tunnel that connects two systems over an untrusted network, such as the Internet. VPNs provide security for both authentication and data transmission through a process called encapsulation.
Secure Sockets Layer (SSL) can be used to exchange the VPN keys securely. SSL is used to establish secure TCP communication between two machines by encrypting the communication.

Incorrect Answers:
A: The data centers are geographically distributed across multiple continents. This makes it difficult to transport the data by driving a van.
C: Symmetrical keys are rendered useless when the key is stolen as the same key is used for encryption and decryption.
D: PKI can be used to encrypt the data, but transferring the data via FTP or a cloud server is not advisable. FTP is inherently insecure, while cloud servers are used for storage.
