Exam CAS-004 topic 1 question 37 discussion

This cipher suite uses RC4 encryption, which is considered insecure and has known vulnerabilities that make it susceptible to attacks. The RC4 algorithm has been deprecated and should not be used in any secure communications. Removing this cipher suite aligns with secure-by-design principles and PCI DSS requirements.

RC4 is BAD! Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

The TLS_DHE_DSS_WITH_RC4_128_SHA cipher should be removed from the web server configuration since it uses the insecure RC4 encryption algorithm, which is vulnerable to on-path attacks. Therefore, the answer is B.

In the past, RC4 was advised as a way to mitigate BEAST attacks. However, due to the latest attacks on RC4, Microsoft has issued an advisory against it. The PCI DSS also prohibits the use of the RC4 bulk cipher. https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/#:~:text=In%20the%20past%2C%20RC4%20was%20advised%20as%20a,prohibits%20the%20use%20of%20the%20RC4%20bulk%20cipher.

This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections.

TLS 1.1 uses RC4 so its the most outdated of all the choices. Answer is B

B is the only unsecure

Where is the contributor admins on these questions. Is clearly B yet we have trolls selecting the wrong answers.

RC4 is deprecated

RC4 is the clue here.

B. Is the answer. Additionally, use of weak cipher suites or unapproved algorithms – e.g., RC4, MD5, and others – is not allowed. https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

This is the only reference I could find: https://datatracker.ietf.org/doc/html/rfc7465 This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections.

RC4 is depricated.

Think it's B. Because it says just 'SHA' at the end, which implies SHA 1

Can someone explain why? Thanks!