Exam 350-901 topic 1 question 163 discussion

Actual exam question from Cisco's 350-901
Question #: 163
Topic #: 1

Which two countermeasures help reduce the risk of playback attacks? (Choose two.)

  • A. Store data in a NoSQL database.
  • B. Implement message authentication (HMAC).
  • C. Enable end-to-end encryption.
  • D. Remove stack traces from errors.
  • E. Use short-lived access tokens.
Suggested Answer: BE

Comments

FR99
Highly Voted 2 years, 9 months ago
Agree with 'B & E'
upvoted 16 times
kayleen
Highly Voted 2 years, 5 months ago
I like C & E. HMAC or encryption by itself does not provide playback protection. You need a timestamp in the data (see JWT). Usually encryption as in HTTPS instead of HTTP handles playback protection as well.
upvoted 7 times
B3nd3cida
2 years ago
To me, C & E make more sense as well.
upvoted 1 times
martin_k1
11 months, 1 week ago
HMAC does provide protection against replay attacks, so according to me B is the correct answer. Additionally, C is not fully correct, as end-to-end encryption might presume symmetric as well as asymmetric (TLS) encryption. In the case of the symmetric one, there is no built-in protection against replay attacks, as it provides confidentiality only, not authentication. B & E are the correct ones according to me.
upvoted 1 times
Teringzooi
Most Recent 7 months, 3 weeks ago
Selected Answer: BE
Agree with B & E
upvoted 2 times
designated
8 months, 2 weeks ago
Selected Answer: BE
HMAC is one of the most secure methods to authenticate API calls. It has unique properties to provide protection against MIM attacks like replay and request tampering. ASPSecurityKit provides a complete end-to-end implementation of providers for both server and JS clients to integrate HMAC in your API service. And short-lived tokens.
upvoted 3 times
QuiShong
11 months, 1 week ago
B, C and E all seem reasonable, especially if with C, perfect forward secrecy is implemented. I do think B & E are the more probable ones.
upvoted 2 times
jinck
1 year, 4 months ago
B & E will work just fine in this instance. https://aspsecuritykit.net/guides/implementing-hmac-scheme-to-protect-api-requests/
upvoted 3 times
chulenzy
1 year, 6 months ago
Poor question, HMAC and encryption don't provide protection against replay attacks. Timestamps, random session keys, a password for each transaction do. I would go with end-to-end encryption and short-lived access tokens since the e2e is used many times as the proper security mechanism in the DEVCOR Study Guide.
upvoted 1 times
thinkingape
2 years, 5 months ago
Agree with FR99, B and E. IMO B alone is not going to prevent replay attack, it has to be used along with E. https://en.wikipedia.org/wiki/Replay_attack#General_countermeasure_for_all_replay_attacks
upvoted 5 times
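
Much of the disagreement in the comments above turns on what the MAC actually covers. The following Python sketch is an added example, not part of the original page or any commenter's code: it contrasts a MAC over the body alone, which verifies every time a captured request is resent, with a MAC that also covers a timestamp and a nonce checked by the server. The key, the 300-second window and the request field names are assumptions made for the illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
MAX_SKEW = 300                    # assumed freshness window in seconds


def sign(secret, *fields):
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_mac_only(req):
    """Authenticity and integrity only: a captured request verifies on every resend."""
    return hmac.compare_digest(sign(SECRET, req["body"]), req["mac"])


def make_request(body, ts, nonce):
    """Client side: bind timestamp and nonce into the MAC together with the body."""
    mac = sign(SECRET, str(ts).encode(), nonce, body)
    return {"body": body, "ts": ts, "nonce": nonce, "mac": mac}


class ReplayGuard:
    """Server side: MAC check, then freshness (timestamp), then uniqueness (nonce)."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept while that timestamp is still fresh

    def verify(self, req, now):
        expected = sign(SECRET, str(req["ts"]).encode(), req["nonce"], req["body"])
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad-mac"   # tampered body, timestamp or nonce
        if abs(now - req["ts"]) > MAX_SKEW:
            return "stale"     # old capture replayed after the window closed
        # Drop nonces whose timestamps can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if req["nonce"] in self.seen:
            return "replayed"  # same signed request seen inside the window
        self.seen[req["nonce"]] = req["ts"]
        return "ok"
```

The timestamp bounds how long the server has to remember nonces, which is the same role a short expiry plays for an access token.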