Last Updated on November 21, 2023 by InfraExam
Which two statements best describe the impact of cryptography on security investigations? (Choose two.)
- All the employee’s SSL/TLS outbound traffic should be decrypted and inspected since it requires minimal resources on the security appliance.
- Cryptographic attacks can be used to find a weakness in the cryptographic algorithms.
- With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.
- Encryption does not pose a threat to the ability of law enforcement authorities to gain access to information for investigating and prosecuting cybercriminal activities.
- Command and Control traffic is usually sent unencrypted. Therefore, it does affect the security investigations.
Explanation & Hint:
The two statements that best describe the impact of cryptography on security investigations are:
- Cryptographic attacks can be used to find a weakness in the cryptographic algorithms. Security investigations might involve analyzing cryptographic implementations for weaknesses that could be exploited. A cryptographic attack might reveal vulnerabilities in the algorithms or in their implementation, which could compromise the security of communications.
- With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before. As HTTPS becomes more prevalent for legitimate traffic, it provides cover for malicious activities as well. Attackers can leverage encryption to hide their activities, making it more challenging for security professionals to detect and investigate malicious traffic.
The other statements are incorrect because:
- Decrypting all SSL/TLS traffic can be resource-intensive and might also raise privacy concerns.
- Encryption can pose significant challenges to law enforcement and security investigations, as it can prevent access to data unless the keys are available or vulnerabilities are found.
- Command and Control (C2) traffic is increasingly being sent over encrypted channels to avoid detection, impacting the ability of security investigations to detect and understand attack communications.