Exam 312-50v12 topic 1 question 40 discussion

Both A and C fits the criteria, but the keyword is she 'transfers', indicating she initially used FTP, hence ftps

A. FTPS FTPS includes full support for the TLS and SSL cryptographic protocols, including the use of server-side public key authentication certificates and client-side authorization certificates. It also supports compatible ciphers, including AES, RC4, RC2, Triple DES, and DES. It further supports hash functions SHA, MD5, MD4, and MD2. https://en.wikipedia.org/wiki/FTPS

FTPS adds SSL/TLS encryption to FTP Answer is A

Another poorly worded question with two correct answers, A. FTPS and C. HTTPS are both correct. But if you want to pass the test, the CEH "most correct" answer is A. FTPS per the other comments in this thread. This was a question for me when I took the exam on 13 Dec 2023.

A. FTPS See CEH v12 book Module 04 Page 504: "Enumeration Countermeasures: Implement secure FTP (SFTP) or FTP secure (FTPS) to encrypt the FTP traffic over the network"

Correct. Reference: CEH v12 Official book Pg no: 1584

"while transferring important files" I believe this is a dead giveaway to the correct answer A. FTPS

C. HTTPS HTTPS is considered more secure than FTPS. It provides end-to-end encryption and uses digital certificates for identity verification. FTPS adds an SSL/TLS encryption layer to FTP but lacks comprehensive security. HTTPS offers stronger encryption and identity protection.

C. HTTPS

A and C are correct. FTPS and HTTPS meet the criteria

"breach occured while transferring files". FTPS is an extension of the FTP protocol that adds support for Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption for securing file transfer. Bella could have implemented FTPS as a secure alternative to FTP, which uses plaintext for data transfer and is susceptible to session hijacking attacks.

C. HTTPS Explanation: HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to secure communication over the internet. It is an extension of HTTP (Hypertext Transfer Protocol) and uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data sent between a web server and a client. HTTPS ensures that data transmitted between a web server and a client is encrypted and therefore secure against eavesdropping and tampering. In the given scenario, Bella implemented a protocol that sends data using encryption and digital certificates to address the security breach caused by plaintext transmission of sensitive data. This is exactly what HTTPS does, making it the correct answer.