Exam CAS-004 topic 1 question 190 discussion

Actual exam question from CompTIA's CAS-004
Question #: 190
Topic #: 1

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

  • A. HSTS
  • B. TLS 1.2
  • C. Certificate pinning
  • D. Client authentication
Suggested Answer: C

Comments

Mr_BuCk3th34D
Highly Voted 1 year, 4 months ago
Selected Answer: C
It is likely that the cause of the error is certificate pinning, which is a security feature that allows a client device to verify the authenticity of a server's certificate by comparing it to a predetermined set of trusted certificates. If the certificate presented by the server does not match one of the trusted certificates, the client will experience an HTTPS connection error. It is possible that the corporate laptop has a different set of trusted certificates than the mobile phone, which is why the user was able to access the Internet banking website on the mobile phone but not on the corporate laptop.
upvoted 6 times
TomasValtor
Most Recent 1 month ago
Answer: C. See this: https://www.ssls.com/blog/the-problem-with-certificate-pinning/#:~:text=While%20certificate%20pinning%20doesn%27t,clients%20could%20experience%20service%20interruption.
upvoted 1 times
ThatGuyOverThere
6 months, 3 weeks ago
Selected Answer: C
Corporate network is probably using SSL decryption to analyze traffic for all things malicious and/or DLP. SSL decryption doesn't work with sites using certificate pinning because to SSL decrypt you must use a different cert for MITM to decrypt.
upvoted 1 times
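The conflict ThatGuyOverThere describes, shown as an added Python example that is not part of this thread: a pin set is matched against every certificate in the served chain, so a chain re-signed by a corporate inspection CA can validate against the laptop's trust store and still fail the pin, while the phone, which reaches the bank directly, passes. The pin format is the RFC 7469 (HPKP) one; the SPKI byte strings are constructed placeholders for the real DER values.

```python
from __future__ import annotations
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs; in a real
# check they come from the certificates presented in the TLS handshake.
BANK_LEAF_SPKI = b"constructed-spki:bank-leaf"
PUBLIC_CA_INTERMEDIATE_SPKI = b"constructed-spki:public-ca-intermediate"
PROXY_LEAF_SPKI = b"constructed-spki:proxy-reissued-bank-leaf"
CORPORATE_CA_SPKI = b"constructed-spki:corporate-inspection-ca"

def spki_pin(spki_der: bytes) -> str:
    """Pin value as used by RFC 7469 (HPKP): base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pins(header_value: str) -> set[str]:
    """Collect every pin-sha256="..." directive from a Public-Key-Pins value."""
    pins: set[str] = set()
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "pin-sha256":
            pins.add(value.strip().strip('"'))
    return pins

def chain_satisfies_pins(chain_spkis: list[bytes], pins: set[str]) -> bool:
    """Pinning passes when ANY certificate in the served chain (leaf,
    intermediate or root) carries a pinned public key. Chain validity
    against the local trust store is a separate, earlier check."""
    return any(spki_pin(spki) in pins for spki in chain_spkis)

# The bank pins its own leaf key plus the public CA intermediate as a backup.
BANK_PIN_HEADER = (
    f'pin-sha256="{spki_pin(BANK_LEAF_SPKI)}"; '
    f'pin-sha256="{spki_pin(PUBLIC_CA_INTERMEDIATE_SPKI)}"; max-age=5184000'
)

def phone_connection_ok() -> bool:
    """Phone reaches the bank directly: chain is bank leaf + public CA."""
    served = [BANK_LEAF_SPKI, PUBLIC_CA_INTERMEDIATE_SPKI]
    return chain_satisfies_pins(served, parse_pins(BANK_PIN_HEADER))

def laptop_connection_ok() -> bool:
    """Corporate TLS inspection re-signs the site with the enterprise CA. The
    chain validates on the laptop (that CA is in its trust store) but holds
    no pinned key, so a pinning client refuses the connection."""
    served = [PROXY_LEAF_SPKI, CORPORATE_CA_SPKI]
    return chain_satisfies_pins(served, parse_pins(BANK_PIN_HEADER))
```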
32d799a
7 months, 1 week ago
Selected Answer: C
Certificate pinning - This is the practice of associating a host with a specific certificate. If the corporate laptop's browser or its security software detects a different certificate (even if it's valid), it will block the connection. This is likely the reason, especially if the corporate laptop has some security tools or policies in place that enforce or monitor certificate pinning. The mobile phone wouldn't have this same restriction, so it can access the site without issue.
upvoted 1 times
Ariel235788
7 months, 2 weeks ago
Selected Answer: A
The MOST likely security configuration causing the HTTPS connection error when trying to access the Internet banking website from the corporate laptop is: A. HSTS (HTTP Strict Transport Security). HSTS is a security feature that enforces the use of HTTPS for web connections. When a website is configured with HSTS, it instructs the user's browser to only use secure, encrypted connections (HTTPS) when communicating with the site. If the corporate laptop's browser has encountered an issue with HSTS settings, it could prevent the connection to the Internet banking website via HTTPS, resulting in an error.
upvoted 1 times
nuel_12
6 months ago
If you read the question well, it says he is trying to access the website using HTTPS, not HTTP, which the website could reject or which could be a downgrade attack, so the only possible answer is C, certificate pinning.
upvoted 4 times
CXSSP
7 months, 3 weeks ago
Selected Answer: C
upvoted 1 times
Sam1289
9 months ago
Selected Answer: A
In this scenario, the user's corporate laptop may have cached the HSTS policy and attempted to access the website over HTTPS, resulting in a connection error if there's an issue with the HTTPS configuration. On the other hand, the mobile phone's browser may not have cached the HSTS policy, allowing the user to access the HTTP version of the website without issue. Therefore, the most likely cause of the error in this case is A. HSTS (HTTP Strict Transport Security).
upvoted 2 times
imather
9 months, 3 weeks ago
Selected Answer: B
D - Not relevant.
C - Certificate pinning does not make sense for accessing a bank website. Why would the bank only allow trusted clients to access?
B - If the bank is running TLS 1.2 and the company does not allow that, or if the company only supports TLS 1.2 and the bank is using 1.3, then that could cause errors.
A - HSTS is a protocol to upgrade from HTTP to HTTPS, but it is sent from the site to the browser; it is not a setting on the browser.
upvoted 3 times
BiteSize
10 months ago
Selected Answer: B
This question was tricky because of the various maybes of the corporate laptop. The type of organization is up to interpretation by the reader. The organization could have old computers, a small number of users, not a mature security program, or it could be quite the opposite. This is why I feel that the answers vary as much as they do. ChatGPT says A (HSTS) and all the test banks do as well. However, the Microsoft AI says B, TLS 1.2. This makes the decision difficult, but I am trying to focus on the corporate portion and the date of the latest revision of the test (the past year or so) to think about modern techniques and common issues in 2022 instead of when HSTS was first implemented, on July 26, 2016, by Google.
upvoted 2 times
BiteSize
10 months ago
Looking up which of the techniques listed between A, B, and C are feasible and common, I came up with B, TLS 1.2. Based on my experience, there are many issues when the wrong TLS boxes are checked, and corporate laptops always mess with those. Certificate pinning isn't that common; imagine ONLY using certs you say are good. Your users would be clamoring daily to the help desk, and the overhead for the Active Directory team to manage the CRL would be insane. HSTS is a normal thing, configured pretty smoothly, and honestly doesn't come up as an issue in the large enterprise I work at; it is now well past 2016, when we first saw this rollout. Therefore, I'm going against the grain and being the ONLY person that picks B.
upvoted 2 times
BiteSize
10 months ago
Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)
upvoted 1 times
nycrack
11 months, 1 week ago
Selected Answer: A
AI says A.
upvoted 1 times
p1s3c
1 year ago
Selected Answer: A
The HTTPS connection error suggests that there may be an issue with the laptop's security configuration. One possible cause of the error could be the HSTS (HTTP Strict Transport Security) configuration, which enforces the use of HTTPS by instructing the browser to only communicate with the website over a secure connection. If the corporate laptop is misconfigured or outdated and does not support HSTS, it may prevent the user from accessing the website over HTTPS. The fact that the mobile phone was able to access the website without issue suggests that the website is not misconfigured. Therefore, option A, HSTS, is the MOST likely cause of the error.
upvoted 1 times
josepa
1 year, 1 month ago
A is the correct answer.
upvoted 3 times
hidady
1 year, 4 months ago
A is the correct answer.
upvoted 3 times
[Removed]
1 year, 6 months ago
Selected Answer: C
Just using SSL and HTTPS doesn't fully protect your data. Instead, certificate pinning currently tops the list of ways to make your application traffic secure, and it looks like the corporation laptop browser is not capable of doing so, but mobile OSs, on the other hand, allow for certificate pinning. This helps thwart man-in-the-middle attacks. https://www.youtube.com/watch?v=is8lHjEkk7U
upvoted 2 times
youngprinceton
1 year, 6 months ago
When are you gonna test?
upvoted 2 times
[Removed]
1 year, 6 months ago
Answer maybe A. From the book: "HTTP Strict Transport Security (HSTS): As you know, HTTP is a plaintext protocol, so when security is an issue (and when isn't it?), HTTPS should be used. However, even when you require HTTPS, it is sometimes possible for a hacker to force a client to use HTTP instead; this is called a downgrade attack. HTTP Strict Transport Security (HSTS) is a policy mechanism that prevents such attacks and several other types as well. When using HSTS, a web server informs web browsers (or other user agents) that they should automatically interact with it using only HTTPS connections."
upvoted 5 times
dangerelchulo
1 year, 8 months ago
Selected Answer: A
It is browser based and is created by HSTS; when you reset it, the problem goes away. Also, the answer is A in another test bank. Check the link for more info: https://help.siteimprove.com/support/solutions/articles/80000489888-clearing-hsts-settings-to-fix-a-too-many-redirects-page-report-error
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%), Other