nerdexam
EC-Council

312-50V10 · Question #290

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet

The correct answer is A. Asymmetric. HTTPS relies on SSL/TLS certificates built on asymmetric (public key) cryptography to authenticate the server and establish the encrypted session.

Cryptography

Question

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

Options

  • AAsymmetric
  • BConfidential
  • CSymmetric
  • DNon-confidential

How the community answered

(31 responses)
  • A
    87% (27)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

HTTPS relies on SSL/TLS certificates built on asymmetric (public key) cryptography to authenticate the server and establish the encrypted session.

AAsymmetricCorrect

SSL/TLS certificates are X.509 certificates that use an asymmetric key pair - a public key embedded in the certificate and a corresponding private key held by the server. The asymmetric algorithm is used during the TLS handshake to authenticate the server and securely exchange keying material. This is the certificate type that enables HTTPS encryption for e-commerce transactions.

BConfidential

'Confidential' is not a recognized cryptographic certificate type or classification in any standard PKI or SSL/TLS framework.

CSymmetric

Symmetric encryption uses a single shared key for both encryption and decryption; while TLS does use a symmetric session key for bulk data transfer, the certificate itself is asymmetric and is not a 'symmetric certificate'.

DNon-confidential

'Non-confidential' is not a defined certificate type in any PKI, TLS, or cryptographic standard.

Concept tested: Asymmetric certificates enabling HTTPS/TLS encryption

Source: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview

Topics

#asymmetric encryption#HTTPS#SSL/TLS#certificate

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice