CAS-005 Question #500: Real Exam Question with Answer & Explanation
The correct answer is A: Removing any ciphers utilizing cipher block chaining.
Question
A vulnerability scan was performed on a website, and the following encryption suites were found: Which of the following actions will remediate the vulnerability?
Options
- A. Removing any ciphers utilizing cipher block chaining
- B. Rearranging the order of the ciphers from strongest to weakest
- C. Deploying a WAF to monitor web traffic
- D. Reissuing new SSL certificates for the website
Explanation
Cipher suites that use CBC (Cipher Block Chaining), such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_RSA_WITH_AES_128_CBC_SHA, are vulnerable to padding oracle and related attacks. Removing CBC-based ciphers ensures only modern and secure cipher suites (e.g., GCM, ChaCha20) are used, remediating the vulnerability.