exam questions

Exam CV0-003 All Questions

View all questions & answers for the CV0-003 exam

Exam CV0-003 topic 1 question 14 discussion

Actual exam question from CompTIA's CV0-003
Question #: 14
Topic #: 1
[All CV0-003 Questions]

A systems administrator has migrated an internal application to a public cloud. The new web server is running under a TLS connection and has the same TLS certificate as the internal application that is deployed. However, the IT department reports that only internal users who are using new versions of the OSs are able to load the application home page. Which of the following is the MOST likely cause of the issue?

  • A. The local firewall from older OSs is not allowing outbound connections.
  • B. The local firewall from older OSs is not allowing inbound connections.
  • C. The cloud web server is using a self-signed certificate that is not supported by older browsers.
  • D. The cloud web server is using strong ciphers that are not supported by older browsers.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Zak11
Highly Voted 1 year, 10 months ago
Selected Answer: D
The MOST likely cause of the issue is that the cloud web server is using strong ciphers that are not supported by older browsers. Strong ciphers provide a higher level of security but are often not supported by older browsers, which can lead to connection issues. To resolve the issue, the systems administrator can configure the cloud web server to support weaker ciphers that are compatible with older browsers.
upvoted 5 times
...
BigM
Most Recent 1 week, 4 days ago
Selected Answer: D
TLS Cipher Suites: The most likely cause of this issue is that the cloud web server is using stronger or more modern TLS cipher suites that are not supported by older browsers or older operating systems. Modern browsers and OS versions tend to support the latest security standards, while older versions may lack support for newer or more secure ciphers. This could be especially true if the server is using TLS 1.2 or TLS 1.3 with advanced cipher suites, which might not be supported by older browsers or operating systems. These older versions may only support weaker ciphers or older versions of TLS like TLS 1.0 or TLS 1.1, which are now considered insecure.
upvoted 1 times
...
braveheart22
5 months, 1 week ago
After AI Review, I am changing my answer to "C" I spent some time reviewing my initial response to this question, and doing some google research as well. So I m finally leaning towards option "C" Using a self-signed TLS certificate, common connection issues include: browser warning pop-ups alerting users about the untrusted certificate, potential for Man-in-the-Middle (MITM) attacks due to lack of trust validation, difficulty connecting to services that require trusted certificates, and user hesitation to proceed due to the security warnings displayed by their browser; essentially, any situation where a user's device cannot verify the authenticity of the certificate, leading to potential security concerns and disruption of the connection.
upvoted 1 times
...
braveheart22
5 months, 2 weeks ago
After a careful examination of the question, I think option D is the correct answer.
upvoted 2 times
braveheart22
5 months, 1 week ago
AI Review Hey guys I have spent some time reviewing my initial response to this question, and doing some Google research as well. So I m finally leaning towards option hen using a self-signed TLS certificate, common connection issues include: browser warning pop-ups alerting users about the untrusted certificate, potential for Man-in-the-Middle (MITM) attacks due to lack of trust validation, difficulty connecting to services that require trusted certificates, and user hesitation to proceed due to the security warnings displayed by their browser; essentially, any situation where a user's device cannot verify the authenticity of the certificate, leading to potential security concerns and disruption of the connection.
upvoted 1 times
...
...
kuzummjakk
1 year ago
I understand why C is what it's looking for. The question says that the only change was the server moving from internal to public. If it was a TLS version issue, they should've seen it when they were internal too. That crosses out D making C the only "possible" answer.
upvoted 2 times
TheFivePips
10 months, 1 week ago
Its not a TLS issue. Its an old OS issue. The question implies that there are new and old OSs internally, and only the old ones are having an issue. Now it is possible that the OS doesn't support self signed certificates, but do you really think that the older OS would have a more restrictive policy than the new one? self signed has been around for a while, I think its much more likely that it just doesn't support the new cryptographic protocols
upvoted 2 times
TheFivePips
10 months, 1 week ago
just to add on here, almost all browsers support self signed certificates, usually with a warning. It predates public key infrastructure, and was kind of the only game in town for a while. All that to say its more likely that the browser doesn't support the new cryptographic standards that come out every 3-5 years
upvoted 2 times
...
...
...
veliyath
1 year, 3 months ago
The most likely cause of the issue based on the provided information is: C. The cloud web server is using a self-signed certificate that is not supported by older browsers. Older operating systems and browsers might not support or trust self-signed certificates, causing them to fail in establishing a secure connection with the web server. This issue would result in the inability of users on older OS versions to load the application home page despite having the same TLS certificate.
upvoted 1 times
...
nowaydude1
1 year, 4 months ago
Selected Answer: C
It's obviously C. So many people seem to have missed the memo on self-signed certificates. To host something on the web you need a PUBLIC CA to issue your certificate for it to be trusted. Since they were using the same certificate as when they had it running internally only... then its self-signed. The cipher thing is stupid. you really think everyone is running out of date browsers? come on, question the obvious. This is obviously a self-signed certificate issue.
upvoted 2 times
kuzummjakk
1 year ago
It specifically says that everyone with an old OS can't access it. The last sentence matters too.
upvoted 2 times
...
FrancisDrake
1 year, 2 months ago
It does say internal users with the newer os. So I assume that internal users with the older os are also having issues. Also simply because it is self-signed does not necessarily mean that you cannot access the web server.
upvoted 3 times
...
...
Pongsathorn
1 year, 5 months ago
Selected Answer: D
The MOST likely cause of the issue where only internal users with newer OS versions can load the application home page in a TLS-encrypted connection is: **D. The cloud web server is using strong ciphers that are not supported by older browsers.** Here's why: TLS (Transport Layer Security) connections involve encryption and decryption processes that rely on cryptographic ciphers. Older web browsers or OSs may not support the latest, most secure cryptographic ciphers due to security updates and compatibility issues.
upvoted 4 times
Pongsathorn
1 year, 5 months ago
When a web server is configured to use strong ciphers, older browsers or OSs that lack support for these ciphers will have difficulty establishing a secure connection. As a result, users with older systems may experience connection failures or loading issues when accessing the application. To address this issue, the administrator should consider adjusting the server's cipher suite to support a wider range of clients, including those with older OSs and browsers. This can involve configuring the server to use a more backward-compatible cipher suite or enabling backward-compatible cipher suites in addition to strong ones. This approach ensures broader compatibility while still maintaining security.
upvoted 2 times
...
...
betty_boop
1 year, 11 months ago
Selected Answer: D
Strong ciphers
upvoted 2 times
...
Grayson2023
2 years ago
I agree with C, the server is using the same TLS certificate both internally and externally. Regardless if the site was used internally or externally, the question states the same certificate was used.
upvoted 1 times
Grayson2023
2 years ago
I recant this statement.
upvoted 2 times
...
...
AustinKelleyNet
2 years, 1 month ago
Selected Answer: D
This seems like an obvious answer.
upvoted 2 times
...
ramrod1738
2 years, 1 month ago
The MOST likely cause of the issue is that the cloud web server is using strong ciphers that are not supported by older browsers (Option D). TLS is a protocol that encrypts data transmitted over the internet. When a client (such as a web browser) connects to a server (such as a web server), the two parties negotiate the encryption protocol and cipher that will be used for the connection. If the client and server do not support the same encryption protocols and ciphers, the connection will fail. In this scenario, it is likely that the cloud web server is using strong ciphers that are not supported by older browsers. This would cause the connection to fail for internal users who are using older versions of the OSs.
upvoted 1 times
...
WeLikeSpamHere
2 years, 2 months ago
Selected Answer: D
Answer is D
upvoted 2 times
...
ryanzou
2 years, 6 months ago
Selected Answer: D
ANSWER MUST BE D, no doubts, met the same scenario before
upvoted 3 times
...
Admiral_Crunch
2 years, 9 months ago
D, I agree with bx88 statement.
upvoted 2 times
...
bx88
2 years, 9 months ago
Answer is D The firewall policies should NOT have any impact in this scenario. If the policies block inbound or outbound traffics, users could not even access the application while it was hosted on-prem. Since the new web server and has the same TLS certificate as the internal application that is deployed, certificate is less likely the cause of the issue. If the web server is using strong ciphers that are not supported by older browsers (for example - the web server requires AES 256 bits while the old browser supports 128 and 192 bits only), the users using old browsers could not access the page. This is the most likely cause of the issue.
upvoted 2 times
...
dvd21
3 years, 3 months ago
Answer is D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago