CAS-003 Question #566: Real Exam Question with Answer & Explanation
The correct answer is A: Query the OCSP responder and review revocation information for the user certificates.
Question
Options
- A. Query the OCSP responder and review revocation information for the user certificates.
- B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
- C. Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output.
- D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
Explanation
The provided correct answer is A: querying the OCSP responder confirms the revocation status of the certificates, which corresponds to one of the listed findings (OCSP stapling supported). Note, however, that option D (inspecting the server certificate and simulating SSL/TLS handshakes for enumeration) is the more comprehensive way to reproduce the full set of findings in the tip: supported protocols (TLS 1.0, SSL 2/3), cipher suites, the POODLE vulnerability, weak PFS, FALLBACK_SCSV and OCSP stapling. Tools such as testssl.sh and SSL Labs work exactly this way: they send a series of ClientHello messages, each offering a single protocol version or cipher suite (optionally with the TLS_FALLBACK_SCSV signalling suite or a status_request extension), and record whether the server accepts or rejects each one. Option A alone only addresses certificate revocation; it does not reproduce the protocol or cipher-suite findings, and a direct query to the responder does not by itself show that the server staples the response (stapling is observed by requesting the certificate status inside the handshake, for example with openssl s_client -status). Option C is a single exploit rather than a verification of the findings, and option B inspects the connection through an HTTP proxy, which terminates TLS itself and therefore hides the server's own protocol and cipher behaviour. If this question appears on your exam, the intent likely emphasizes validating the certificate chain and OCSP status as the analyst's first verification step.
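As an added illustration, not part of the original question or the site's explanation, the following Python shows what "simulating SSL/TLS handshakes for enumeration" means at the wire level. It builds the single-purpose ClientHello probes that scanners such as testssl.sh send (one protocol version at a time, only-PFS suites, a downgraded version plus TLS_FALLBACK_SCSV, a status_request extension for OCSP stapling) and turns the server's first reply into a finding. The server-side replies used here are constructed locally with build_server_hello and build_alert so the script runs offline; the cipher-suite table is a small assumed subset, and probe_live is the only function that touches the network and is included only for use against a host you are authorised to test.

```python
"""Minimal TLS handshake probes of the kind testssl.sh / SSL Labs send (added example)."""
import os
import socket
import struct

VERSIONS = {"SSLv3": 0x0300, "TLS1.0": 0x0301, "TLS1.1": 0x0302, "TLS1.2": 0x0303}
TLS_FALLBACK_SCSV = 0x5600          # RFC 7507 signalling cipher suite value
EXT_STATUS_REQUEST = 0x0005         # RFC 6066: client asks for a stapled OCSP response
ALERT = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}
# Assumed subset of suites: RSA key exchange gives no forward secrecy, ECDHE does.
NON_PFS = [0x002F, 0x009C]          # TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256
PFS = [0xC02F, 0xC030]              # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ..._AES_256_GCM_SHA384


def _u24(n):
    return n.to_bytes(3, "big")


def build_client_hello(version, suites, fallback_scsv=False, status_request=True):
    """One TLS record carrying a ClientHello that offers exactly `suites` at `version`."""
    offered = list(suites) + ([TLS_FALLBACK_SCSV] if fallback_scsv else [])
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"       # version, random, empty session id
    body += struct.pack("!H", 2 * len(offered)) + b"".join(struct.pack("!H", s) for s in offered)
    body += b"\x01\x00"                                                 # one compression method: null
    if status_request:
        ext = b"\x01\x00\x00\x00\x00"                                   # status_type=ocsp, empty lists
        ext = struct.pack("!HH", EXT_STATUS_REQUEST, len(ext)) + ext
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + _u24(len(body)) + body                        # HandshakeType client_hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(handshake)) + handshake


def build_server_hello(version, suite, extensions=()):
    """Server-side counterpart, used here only to construct sample replies offline."""
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    if extensions:
        blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(blob)) + blob
    handshake = b"\x02" + _u24(len(body)) + body                        # HandshakeType server_hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(handshake)) + handshake


def build_alert(version, description, level=2):
    """Constructed fatal alert record (level 2) with the given AlertDescription."""
    return b"\x15" + struct.pack("!H", version) + b"\x00\x02" + bytes([level, description])


def parse_reply(data):
    """Classify the first record the server sends back: alert, ServerHello, or other."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + rec_len]
    if ctype == 0x15:
        return {"kind": "alert", "description": ALERT.get(payload[1], payload[1])}
    if ctype == 0x16 and payload[0] == 0x02:
        body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
        version = struct.unpack("!H", body[:2])[0]
        off = 35 + body[34]                                             # skip version, random, session id
        suite = struct.unpack("!H", body[off:off + 2])[0]
        off += 3                                                        # suite + compression byte
        exts = set()
        if off + 2 <= len(body):
            end = off + 2 + struct.unpack("!H", body[off:off + 2])[0]
            off += 2
            while off + 4 <= end:
                etype, elen = struct.unpack("!HH", body[off:off + 4])
                exts.add(etype)
                off += 4 + elen
        return {"kind": "server_hello", "version": version, "suite": suite, "extensions": exts}
    return {"kind": "other"}


def interpret(probe, reply):
    """Map one (probe, first reply) pair to the finding a scanner would report."""
    r = parse_reply(reply)
    if probe == "fallback_scsv":      # offered a downgraded version plus TLS_FALLBACK_SCSV
        return ("FALLBACK_SCSV supported" if r.get("description") == "inappropriate_fallback"
                else "downgrade accepted: FALLBACK_SCSV not supported")
    if probe == "pfs":                # offered only ECDHE suites
        return "PFS cipher suites offered" if r["kind"] == "server_hello" else "no PFS cipher suites"
    if probe == "stapling":           # sent status_request; a stapling server echoes it
        return ("OCSP stapling supported" if EXT_STATUS_REQUEST in r.get("extensions", ())
                else "OCSP stapling not supported")
    # protocol-version probe: the server either selects the offered version or refuses it
    ok = r["kind"] == "server_hello" and r["version"] == VERSIONS[probe]
    return "supported" if ok else "not supported"


def demo():
    """Findings over constructed replies, shaped like the tip in the question."""
    return {
        "SSLv3": interpret("SSLv3", build_server_hello(VERSIONS["SSLv3"], 0x000A)),   # CBC suite: POODLE
        "TLS1.2": interpret("TLS1.2", build_server_hello(VERSIONS["TLS1.2"], PFS[0])),
        "fallback": interpret("fallback_scsv", build_alert(VERSIONS["TLS1.0"], 86)),
        "pfs": interpret("pfs", build_alert(VERSIONS["TLS1.2"], 40)),
        "stapling": interpret("stapling", build_server_hello(VERSIONS["TLS1.2"], PFS[0],
                                                             [(EXT_STATUS_REQUEST, b"")])),
    }


def probe_live(host, port, version, suites, **kw):
    """Send one ClientHello to a real server and return its raw first reply (network; not run here)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_client_hello(version, suites, **kw))
        return s.recv(4096)


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

A real scan repeats interpret over one probe per protocol version and per cipher suite, which is why a single OCSP query (option A) cannot reproduce the protocol and cipher-suite lines of the tip; the OCSP stapling line, in particular, comes from the status_request probe rather than from contacting the responder directly.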
Community Discussion
No community discussion yet for this question.