CREST Practitioner Security Analyst (CPSA) Practice

Disable ads (and more) with a membership for a one time $2.99 payment

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


What is a potential effect of X11 not being tunneled through SSH?

  1. Unauthorized data access

  2. Increased resource consumption

  3. Cross-Site Scripting

  4. Server overload

The correct answer is: Unauthorized data access

When X11 is not tunneled through SSH, a significant potential effect is unauthorized data access. X11 is a protocol used for displaying graphical user interfaces on Unix and Unix-like operating systems, allowing applications to run on one machine and display on another. Without SSH tunneling, which encrypts the data being transmitted, the X11 traffic can be intercepted by malicious actors in the network. This lack of encryption means that sensitive information, such as user sessions or interactions with applications, could be exposed to attackers, leading to potential unauthorized access to personal data, application states, or even the ability to control the graphical interface itself. The other options, while they may represent issues in different contexts, do not directly relate to the specific risk introduced by not tunneling X11 through SSH. Increased resource consumption could occur in various scenarios but is not an inherent result of the lack of tunneling. Cross-Site Scripting pertains specifically to web applications and involves the injection of malicious scripts into web pages, which doesn't relate to X11 traffic. Server overload typically arises from excessive requests or processes but is not directly tied to the tunneling of X11 sessions. Thus, the emphasis on unauthorized data access is critical in the context of network security and the risk introduced when standard