During a penetration test, you discovered critical vulnerabilities that must be communicated to the client. Given the sensitivity of the information, which of the following methods should you use to ensure the secure distribution of the report to the client's C-suite and technical staff?
Secure instant messaging application with the file attached
Standard email with password protection on the report document
Encrypted email with a pre-shared key or digital certificates
Uploading the report to a common file-sharing website without additional access controls
The correct answer is 'Encrypted email with a pre-shared key or digital certificates'. Encrypting the content of the email provides a level of security suitable for transmitting sensitive information, ensuring that only authorized recipients with the correct keys or certificates can decrypt and access it. The incorrect answers either lack sufficient security measures to protect sensitive information, such as standard email lacking encryption, or are not practical for distributing reports, such as secure instant messaging, which is typically not used to distribute extensive documents like penetration testing reports.