ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-003 All Questions

View all questions & answers for the CAS-003 exam
Go to Exam

Exam CAS-003 topic 1 question 325 discussion

Actual exam question from CompTIA's CAS-003
Question #: 325
Topic #: 1
[All CAS-003 Questions]

A security analyst for a bank received an anonymous tip on the external banking website showing the following:
✑ Protocols supported
- TLS 1.0
- SSL 3
- SSL 2
✑ Cipher suites supported
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit
- TLS_RSA_WITH_RC4_128_SHA
✑ TLS_FALLBACK_SCSV non supported
✑ POODLE
✑ Weak PFS
✑ OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?

  • A. Query the OCSP responder and review revocation information for the user certificates.
  • B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
  • C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output.
  • D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by SoukelezArtibuz at Feb. 12, 2021, 12:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SoukelezArtibuz
Highly Voted 4 years, 3 months ago
The answer is most likely D
upvoted 8 times
Trap_D0_r
4 years, 3 months ago
Agree with D.
upvoted 3 times
...
...
D1960
Most Recent 4 years, 2 months ago
Maybe: C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output? I suspect that this may be the possible issue: "TLS_FALLBACK_SCSV non supported" I think this might leave the system vulnerable to a downgrade attack. "The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the successor to SSL (Secure Socket Layer)." https://www.acunetix.com/blog/web-security-zone/what-is-poodle-attack/ So if "TLS_FALLBACK_SCSV non supported" then an attacker could do a downgrade attack, knocking this down to SSL 3. Then do a POODLE attack.
upvoted 1 times
...
D1960
4 years, 2 months ago
Why is D a better answer than A?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel