An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries’ arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites.
Which of the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?
A. Add a second-layer VPN from a different vendor between sites.
B. Upgrade the cipher suite to use an authenticated AES mode of operation.
C. Use a stronger elliptic curve cryptography algorithm.
D. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.
E. Ensure cryptography modules are kept up to date from the vendor supplying them.
I was originally really wondering about this question; however, the answer is (C). Use a stronger elliptic curve cryptography algorithm based upon the organization's current encryption deployment. Elliptic Curve Digital Signature Algorithm (ECDSA) & Elliptic-curve Diffie–Hellman (ECDH)
Discussion:
https://vceguide.com/which-of-the-following-techniques-would-most-likely-improve-the-resilience-of-the-enterprise-to-attack-on-cryptographic-implementation/
A. Add a second-layer VPN from a different vendor between sites.
https://www.comparitech.com/blog/vpn-privacy/double-vpn/