nerdexam
ExamsSY0-301Questions#826
CompTIA

SY0-301 · Question #826

SY0-301 Question #826: Real Exam Question with Answer & Explanation

The correct answer is D: AES128. AES128 is the strongest encryption cipher among the listed options for an SSL VPN prioritizing security over speed.

Question

An administrator values transport security strength above network speed when implementing an SSL VPN. Which of the following encryption ciphers would BEST meet their needs?

Options

  • ASHA256
  • BRC4
  • C3DES
  • DAES128

Explanation

AES128 is the strongest encryption cipher among the listed options for an SSL VPN prioritizing security over speed.

Common mistakes.

  • A. SHA256 is a cryptographic hash function used for integrity verification, not a symmetric encryption cipher used to protect data in transit.
  • B. RC4 is a deprecated stream cipher with well-documented vulnerabilities and is explicitly prohibited in modern TLS configurations.
  • C. 3DES applies DES encryption three times and is considered weak by modern standards, with NIST deprecating it due to its small 64-bit block size and susceptibility to Sweet32 attacks.

Concept tested. Selecting strong encryption ciphers for VPN

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice