An analyst is reviewing an SSLscan from a web server in an environment:
The analyst needs to immediately disable ciphers that do not comply with company security standards. Which of the following ciphers is the least secure and should be disabled?
A. AES128-SHA
B. 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
C. ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
D. ECDHE-RSA-AES256-GCM-SHA384 Curve P-384 DHE 384
The correct answer is: E. DES-CBC3-SHA
Explanation:
Among all the listed ciphers, DES-CBC3-SHA (also known as 3DES) is the least secure due to the following reasons:
• DES (even in 3DES form) is considered deprecated and insecure due to its small block size (64-bit), which makes it vulnerable to birthday attacks and other cryptographic weaknesses.
• It is no longer considered acceptable under most modern security standards, including PCI DSS, NIST, and Mozilla’s TLS guidelines.
• TLS 1.2 still supports it, but it should be disabled immediately in modern environments.
upvoted 1 times
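An added example, not part of the exam question or the comment above: a small Python triage of sslscan-style cipher lines that flags 64-bit block ciphers (the birthday-attack issue cited in the explanation), missing forward secrecy, small DH groups and non-AEAD suites. The sample lines are constructed, and the severity weights and the `findings`/`audit` names are assumptions of this example.

```python
import re

# Constructed sample in sslscan's cipher-line layout (not the scan from the question).
SAMPLE_SCAN = """\
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-384 DHE 384
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
"""

LINE_RE = re.compile(r"^(?:Preferred|Accepted)\s+(\S+)\s+(\d+) bits\s+(\S+)\s*(.*)$")

def findings(cipher, bits, kex_info=""):
    """Return (severity, reason) pairs for one OpenSSL-style cipher name."""
    out = []
    if "DES-CBC3" in cipher or "3DES" in cipher:
        out.append((3, "3DES: 64-bit block size, birthday-bound collisions"))
    elif re.search(r"RC4|NULL|EXP|(^|-)DES-", cipher) or bits < 112:
        out.append((3, "broken or export-grade bulk cipher"))
    # Names without an (EC)DHE prefix use a static key exchange (TLS 1.3 names exempt).
    if not cipher.startswith(("ECDHE-", "DHE-", "TLS_")):
        out.append((2, "no forward secrecy (static key exchange)"))
    dh = re.match(r"DHE (\d+) bits", kex_info)
    if dh and int(dh.group(1)) < 2048:
        out.append((2, f"finite-field DH group of only {dh.group(1)} bits"))
    if not re.search(r"GCM|CCM|CHACHA20", cipher):
        out.append((1, "non-AEAD suite"))
    return out

def audit(scan_text):
    """Parse cipher lines and return them sorted from weakest to strongest."""
    rows = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers and anything that is not a cipher line
        proto, bits, cipher, kex = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        f = findings(cipher, bits, kex)
        rows.append({"cipher": cipher, "protocol": proto, "bits": bits,
                     "score": sum(s for s, _ in f), "reasons": [r for _, r in f]})
    return sorted(rows, key=lambda r: -r["score"])

if __name__ == "__main__":
    for row in audit(SAMPLE_SCAN):
        print(f'{row["score"]}  {row["cipher"]:30} {"; ".join(row["reasons"]) or "ok"}')
```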
Justheretolook
2 weeks, 1 day ago