Exam SY0-601 topic 1 question 858 discussion

Actual exam question from CompTIA's SY0-601
Question #: 858
Topic #: 1

A security analyst is reviewing a secure website that is generating TLS certificate errors. The analyst determines that the browser is unable to receive a response from the OCSP for the certificate. Which of the following actions would most likely resolve the issue?

  • A. Run a traceroute on the OCSP domain to find where the domain is failing.
  • B. Create an exclusion for the OCSP domain in the content filter.
  • C. Unblock the OCSP protocol in the host-based firewall.
  • D. Add the root certificate to the trusted sites on the workstation with the issue.
Suggested Answer: C 🗳️

Comments

CircaG
Highly Voted 1 year, 2 months ago
Selected Answer: C
C. OCSP (Online Certificate Status Protocol) is used to check the validity of certificates, and if the browser is unable to receive a response from the OCSP server due to firewall restrictions, it may result in TLS certificate errors. By unblocking the OCSP protocol in the host-based firewall, the browser will be able to communicate with the OCSP server and verify the certificate's validity, resolving the issue.
upvoted 5 times
LuckyAro
1 year, 2 months ago
Nowhere in the question was it mentioned that OCSP was blocked due to firewall restrictions. This is an assumption; it could be anything causing this connection issue.
upvoted 5 times
ps1hacker
1 year, 2 months ago
I find a lot of these CompTIA questions require some assumption. For example, there are answers that say "change the default pw" even though it never says they are using the default pw in the question. For me, it seems if there is an answer for it, it's safe to assume they are using that practice.
upvoted 1 times
NetworkTester1235
1 year, 1 month ago
If it's not stated in the question then it never happened
upvoted 2 times
spearous
1 year ago
No, the question can be paraphrased as: from your experience, what could most likely have happened? The question is asking for your best guess.
upvoted 1 times
shady23
Most Recent 1 year ago
Selected Answer: C
C. Unblock the OCSP protocol in the host-based firewall
upvoted 1 times
MortG7
1 year, 1 month ago
This was bugging me. Sorry for all the verbiage, but here is what I found:
6. Generic SSL Protocol Error
This error is particularly tricky to resolve because there are multiple potential causes, including: A firewall or other security software interfering with the SSL protection. Check your firewall or security software settings to ensure they're not blocking or interfering with SSL connections. Then, try disabling any features that might disrupt your SSL.
Obviously, TLS is the replacement for SSL as many of you already know.
upvoted 3 times
paCer66
1 year, 2 months ago
B. OCSP (non-stapling) is using http:// protocol -> no C, no D. A is meaningless here. Maybe a similar scenario as here: https://community.meraki.com/t5/Security-SD-WAN/http-ocsp-digicert-com-categorized-as-a-Malware-Site/m-p/7786
upvoted 2 times
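
The comments above disagree on whether a firewall or a content filter sits between the browser and the OCSP responder. As an added example (not part of any comment in this thread), the Python code below shows how the two cases differ in what the client receives when it queries the responder over HTTP. The `FetchResult` record, the category names and the sample inputs are assumptions made for illustration; the status values and the `application/ocsp-response` media type come from RFC 6960.

```python
from dataclasses import dataclass
from typing import Optional

# OCSPResponseStatus values defined in RFC 6960 (value 4 is unused).
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

@dataclass
class FetchResult:
    """What the client saw when it asked the responder (hypothetical record)."""
    error: Optional[str] = None   # "dns", "timeout", "refused"; None if HTTP answered
    status: int = 0               # HTTP status code
    content_type: str = ""        # Content-Type header value
    body: bytes = b""

def ocsp_response_status(der: bytes) -> Optional[int]:
    """Return responseStatus if der starts like a DER OCSPResponse, else None.
    OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] OPTIONAL }"""
    if len(der) < 5 or der[0] != 0x30:          # must open with a SEQUENCE tag
        return None
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)   # skip short or long length
    if der[i:i + 2] != b"\x0a\x01" or len(der) <= i + 2:  # ENUMERATED, length 1
        return None
    return der[i + 2]

def classify(r: FetchResult) -> str:
    """Map one fetch result to the layer that most likely produced it."""
    if r.error == "dns":
        return "dns-failure"
    if r.error in ("timeout", "refused"):
        return "network-block"        # no HTTP answer: packet filter or routing
    code = ocsp_response_status(r.body)
    is_ocsp = r.content_type.lower().startswith("application/ocsp-response")
    if r.status == 200 and is_ocsp and code is not None:
        return "ocsp-" + OCSP_STATUS.get(code, "unknown")
    if r.content_type.lower().startswith("text/html") or r.status in (403, 407, 451):
        return "http-intercepted"     # a proxy or content filter answered instead
    return "responder-error"

# Constructed samples, not captured from any real network.
SAMPLES = {
    "firewall drop": FetchResult(error="timeout"),
    "filter block page": FetchResult(status=403, content_type="text/html",
                                     body=b"<html>Category blocked</html>"),
    "responder busy": FetchResult(status=200, content_type="application/ocsp-response",
                                  body=bytes.fromhex("30030a0103")),
}

if __name__ == "__main__":
    for name, result in SAMPLES.items():
        print(f"{name:18} -> {classify(result)}")
```
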