Exam 200-201 topic 1 question 87 discussion

The answer is B. c A cipher suite is a set of cryptographic algorithms that are used to secure network communications. By configuring network systems to use a cipher suite that supports decryption, the engineer can inspect the traffic for malicious activity, including command and control communications. The other options are not correct. Option A, static IP addresses, is not a technology that can be used to decrypt traffic. Option C, digital certificates, are used to verify the identity of a sender, but they do not provide encryption. Option D, signatures, are used to verify the integrity of a message, but they do not provide encryption.

Cipher suite is the only answer that provides encryption/decryption of network traffic.

Digital certificates are used to authenticate and establish trust between two communicating parties, but they do not provide the ability to decrypt traffic. The process of decrypting traffic involves using a decryption key, which is not related to digital certificates. Therefore, digital certificates are not the appropriate technology to use to accomplish the task of detecting command and control communications by decrypting ingress and egress perimeter traffic. The best answer is B, cipher suite. Cipher suites are sets of cryptographic algorithms that determine how secure network connections are established and data is encrypted. By configuring the network systems to decrypt ingress and egress perimeter traffic using a cipher suite, network security devices can inspect the traffic for command and control communications and other malicious outbound communications.

Answer: is Digital certficates The Digital Certificate can be used to encrypt the cleartext into a ciphertext, which is sent from the sending party to the other party. From cisco Modules

As based on https://en.wikipedia.org/wiki/Cipher_suite The key exchange algorithm is used to exchange a key between two devices. This key is used to encrypt and "decrypt" the messages being sent between two machines.

Enabling SSL decryption uses the root certificate on client machines, acting as certificate authority for SSL requests. This process makes it possible for SSL decryption to decrypt, perform a detailed inspection, and then re-encrypt SSL traffic before sending it off to its destination. This helps ensure that only authorized SSL traffic is traversing the network, and that malware hidden in SSL/TLS sessions is detected and remediated within the SSL decryption process.

With SSL/TLS inspection, you can 'break open' traffic to inspect it. A cipher suite is used in encryption, but that is not relevant here (is a detail of the implementation) Hence, answer C is correct.

C is the one here using Dcert to decrypt using ssl proxy

You must use a Root certificate, also referred to as a Certificate Authority (CA) Signing certificate, for HTTPS decryption on the WSA.

is it not about SSL inspection?

Cipher suites dictate which of these algorithms the server should use to make a secure and reliable connection. But it’s important to remember that cipher suites do not just ensure the security, but also the compatibility and performance of HTTPS connections. So, you should choose yours wisely.

c is correct

I think answer is C as well. Cipher suite is just a set of available ciphers that can be used by a device for encryption.

C. digital certificates - the traffic need to be decrypted for further analysis. This technology is used in proxy/WSA.