Attempt | Latest Update with Complete Solution
A. Data Protection Risks and Cryptographic Recommendations
A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
   o Vulnerability: The on-premises Finance server database stores highly sensitive customer PII and financial records in clear text.
   o Threat: An attacker who gains access to the server (e.g., through a compromised application or system vulnerability) can directly exfiltrate the entire database file.
   o Consequence: This would lead to a catastrophic mass data breach, violating regulations (like GDPR or GLBA), causing significant financial loss, and irreparably damaging customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to Eavesdropping and Manipulation.
   o Vulnerability: The HR and Finance departments use an internal FTP server with legacy protocols that do not encrypt data during transfer.
   o Threat: A malicious insider or an attacker who has gained a foothold on the corporate network can trivially intercept (eavesdrop on) the data packets containing payroll and employee information. They could also alter the data in transit.
   o Consequence: This exposes sensitive employee data (like salaries and social security numbers) for theft and allows for fraudulent manipulation of payroll data, leading to financial fraud and compliance failures.
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement Application-Level Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or database-level encryption. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file transfers containing sensitive data.
A2a. Justification of Recommendations
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is written to the database. It directly supports data confidentiality by ensuring that specific, high-value data elements are encrypted with a unique key, separate from the database or storage system. Even if an attacker bypasses the database server's security and gains direct access to the storage media or database files, the encrypted fields remain unreadable. This provides a critical layer of protection beyond transparent disk encryption.
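The field-level encryption described in A2a, sketched as an added Go example (not part of the original notes or of any FinSecure system). The function names, the "table:row:column" context string, the demo key and the placeholder SSN are assumptions for illustration; binding each ciphertext to its row and column goes a step beyond what the notes state.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewFieldCipher builds AES-256-GCM from a 32-byte key that the application
// holds separately from the database (assumed here to come from a KMS or HSM).
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte key, got %d bytes", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one value before it is written to the database and
// returns nonce || ciphertext || tag. context (hypothetical "table:row:column")
// is authenticated but not stored, so a ciphertext moved elsewhere fails to decrypt.
func EncryptField(aead cipher.AEAD, context, plaintext string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(plaintext), []byte(context)), nil
}

// DecryptField fails on a wrong key, a modified value, or a wrong context.
func DecryptField(aead cipher.AEAD, context string, stored []byte) (string, error) {
	if len(stored) < aead.NonceSize() {
		return "", fmt.Errorf("stored value too short")
	}
	nonce, ct := stored[:aead.NonceSize()], stored[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, []byte(context))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real keys come from a KMS or HSM
	aead, _ := NewFieldCipher(key)
	stored, _ := EncryptField(aead, "customers:42:ssn", "000-00-0000") // constructed SSN
	_, err := DecryptField(aead, "customers:43:ssn", stored)
	fmt.Printf("stored=%x\nmoved to row 43: %v\n", stored, err)
}
```

A copy of the database file contains only the sealed bytes; without the application-held key, or with the value pasted into a different record, decryption returns an error instead of the SSN.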
This study source was downloaded by 1524368 from cliffsnotes.com on 12-24-2025 11:54:39 GMT -06:00
https://www.cliffsnotes.com//study-notes/29344373