CAS-005 Question #179: Real Exam Question with Answer & Explanation
The correct answer is B: The client applications need to be modified to support AES in Galois/Counter Mode or equivalent.
Question
A web application server that provides services to hybrid modern and legacy financial applications recently underwent a scheduled upgrade to update common libraries, including OpenSSL. Multiple users are now reporting failed connection attempts to the server. The technician performing initial triage identified the following:

- Client applications more than five years old appear to be the most affected.
- Web server logs show initial connection attempts by affected hosts.
- For the failed connections, logs indicate "cipher unavailable."

Which of the following is most likely to safely remediate this situation?
Options
- A. The server needs to be configured for backward compatibility to SSL 3.0 applications.
- B. The client applications need to be modified to support AES in Galois/Counter Mode or equivalent.
- C. The client TLS configuration must be set to enforce electronic codebook modes of operation.
- D. The server-side digital signature algorithm needs to be modified to support elliptic curve
Explanation
The error "cipher unavailable" suggests that the upgraded OpenSSL library on the server has dropped support for older, insecure cipher suites. To safely remediate this, client applications need to be updated to support modern, secure cipher modes such as AES in Galois/Counter Mode (GCM). This maintains security without reintroducing deprecated protocols.