ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 362 discussion

Actual exam question from CompTIA's CAS-004
Question #: 362
Topic #: 1
[All CAS-004 Questions]

A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers:

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
• TLS_RSA_WITH_RC4_128_SHA (0x5)
• TLS_RSA_WITH_RC4_128_MD5 (0x4)

Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030). Which of the following describes a potential attack to the systems administrator's browser?

  • A. A cipher mismatch
  • B. Key rotation
  • C. A downgrade attack
  • D. A compromised key
  • E. Rekeying
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by CXSSP at Sept. 25, 2023, 4 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
OdinAtlasSteel
7 months, 2 weeks ago
Selected Answer: C
C. A downgrade attack
upvoted 2 times
...
weaponxcel
8 months ago
Selected Answer: C
C. A downgrade attack. A downgrade attack is a type of attack where an attacker forces a client or server to use a less secure cryptographic protocol or cipher suite than the one that is preferred. In this case, the systems administrator's browser is negotiating the TLS_RSA_WITH_RC4_128_MD5 cipher suite, which is less secure than the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite that is preferred by the server and all other employees' browsers.
upvoted 2 times
...
32d799a
8 months, 1 week ago
Selected Answer: C
This type of manipulation is called a "downgrade attack." In a downgrade attack, an adversary intercepts the connection establishment process and manipulates it so that the parties involved (in this case, the browser and server) end up using weaker cryptographic parameters than they would have chosen if left undisturbed.
upvoted 3 times
...
CXSSP
9 months ago
Selected Answer: C
C. A downgrade attack In this scenario, it seems that the systems administrator's browser is being forced to negotiate a less secure cipher suite (TLS_RSA_WITH_RC4_128_MD5) instead of the preferred, more secure cipher suites. This is likely due to a man-in-the-middle attacker manipulating the negotiation process and downgrading the encryption level. This type of attack is known as a "downgrade attack."
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel