You have completed a penetration test for a large financial organization and are required to share the final report containing sensitive vulnerability details with multiple stakeholders. Which method should you use to distribute the report securely, as per best practices?
You selected this option
Encrypting the report and sending it via an encrypted email service, accessible only to authorized stakeholders with the decryption key.
You selected this option
Uploading the report to a password-protected public website where stakeholders can download it.
You selected this option
Storing the report on a cloud service without implementing user-specific access controls.
You selected this option
Posting direct download links to the report on a private forum frequented by the stakeholders.
You selected this option
Distributing physical copies of the report in sealed envelopes via courier services.
You selected this option
Sending the report via standard email with no encryption.
Using an encrypted email ensures that the contents of the report are protected during transit and can only be accessed by individuals who have the encryption key or password. This maintains confidentiality and integrity of the findings. Using a standard email without encryption risks exposure of sensitive data to unauthorized individuals due to potential interception. A cloud service without proper security controls or a password-protected public website fails to control access appropriately, potentially allowing unauthorized users to access the report. Physical documents can be secure but are not practical for distributing to multiple stakeholders, especially those in different geographical locations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does encryption mean in the context of email?
Open an interactive chat with Bash
What are the best practices for securely sharing sensitive reports?
Open an interactive chat with Bash
What are the risks of sending sensitive information via unencrypted email?