Exam CS0-002 topic 1 question 406 discussion

Actual exam question from CompTIA's CS0-002
Question #: 406
Topic #: 1

A security analyst is reviewing vulnerability scans from an organization’s internet-facing web services. The following is from an output file called ssl-test_webapps.comptia.org:



Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

  • A. TLS_RSA_WITH_DES_CBC_SHA 56
  • B. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)
  • C. TLS_RSA_WITH_AES_256_CBC_SHA 256
  • D. TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)
Suggested Answer: A

Comments

skibby16
1 year, 7 months ago
Selected Answer: A
Correction: the answer is A.
upvoted 1 times
skibby16
1 year, 8 months ago
Selected Answer: B
The line from this output that most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key is TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits). This line indicates that the cipher suite uses Diffie-Hellman ephemeral (DHE) key exchange with RSA authentication, AES 128-bit encryption with cipher block chaining (CBC) mode, and SHA-1 hashing. The DHE key exchange uses a 1024-bit Diffie-Hellman group, which is considered too weak for modern security standards and can be broken by attackers using sufficient computing power. The other lines indicate stronger cipher suites that use longer key lengths or more secure algorithms. References: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 9
upvoted 1 times
Dree_Dogg
1 year, 9 months ago
Selected Answer: A
Had this question on the exam today.
upvoted 4 times
Saphi
1 year, 9 months ago
Thanks, hope it went ok and that you passed!
upvoted 1 times
Dree_Dogg
1 year, 9 months ago
Thanks, I did. Got a 772.
upvoted 6 times
simpfemboy
1 year, 8 months ago
Good job, brodie!
upvoted 2 times
Saphi
1 year, 9 months ago
Selected Answer: A
"A machine that can crack a DES key in a second would take 149 trillion years to crack a 128-bit AES key. Hence, it is safe to say that AES-128 encryption is safe against brute-force attacks. AES has never been cracked yet and it would take large amounts of computational power to crack this key."
upvoted 1 times
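
As an added example (not from the original page or any commenter), this Python script parses lines in the shape of the four answer options and reports symmetric key size separately from DH group size, since only the former bounds a brute-force search for the session key. The 112-bit and 2048-bit floors, the finding labels and all function names are assumptions of this example; the sample input is constructed from the answer options because the scan output itself is not on the page.

```python
import re

# Key length implied by the cipher token; order matters (3DES_EDE before DES).
# 3DES is listed at its effective strength of 112 bits.
CIPHER_BITS = [("3DES_EDE", 112), ("DES40", 40), ("RC4_40", 40), ("DES", 56),
               ("RC4_128", 128), ("AES_128", 128), ("AES_256", 256), ("NULL", 0)]
MIN_SYM_BITS = 112   # assumed policy floor for symmetric keys
MIN_DH_BITS = 2048   # assumed policy floor for finite-field DH groups

# "<suite> [<bits>] [DH (<n> bits)]"; the bit count is optional, as in option D.
LINE_RE = re.compile(r"^\s*(TLS_\w+)(?:\s+(\d+))?(?:\s+DH \((\d+) bits\))?\s*$")

# Constructed sample: the four answer options, not the real scan output.
SAMPLE = """\
TLS_RSA_WITH_DES_CBC_SHA 56
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)
"""

def parse_line(line):
    """Return suite name, symmetric key bits and DH group bits, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    suite, bits, dh = m.groups()
    cipher = suite.split("_WITH_", 1)[-1]
    # Fall back to the size implied by the name when the scanner omits it.
    derived = next((b for tok, b in CIPHER_BITS if tok in cipher), None)
    return {"suite": suite,
            "sym_bits": int(bits) if bits else derived,
            "dh_bits": int(dh) if dh else None}

def findings(rec):
    """Classify one parsed line; the two weaknesses are reported separately."""
    out = []
    if rec["sym_bits"] is None:
        out.append("unknown-key-size")            # fail closed on unknown ciphers
    elif rec["sym_bits"] < MIN_SYM_BITS:
        out.append("session-key-brute-force")     # keyspace of 2**sym_bits is searchable
    if rec["dh_bits"] is not None and rec["dh_bits"] < MIN_DH_BITS:
        out.append("weak-dh-group")               # key-exchange weakness, not a key search
    return out

def audit(text):
    """Map each recognised suite line in text to its list of findings."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return {r["suite"]: findings(r) for r in recs}

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE).items():
        print(f"{suite:40} {', '.join(issues) or 'ok'}")
```
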
Community vote distribution
A (35%)
C (25%)
B (20%)
Other