Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?
The correct answer is (A), the certificate of the e-commerce server, as validating the commerce server's identity depends on checking the server's certificate with the certificate authority (i.e. a trusted third party, just like the State Department verifies your identity with a passport, except in this case the State Department is the certificate authority and the passport is the certificate).
B. Phishing campaigns typically use valid SSL so this wouldn't help with that. You need to verify that you are indeed connecting to the correct server and not just any old server that has a certificate.
C. The IP address is not a valid form of identification like a certificate is.
D. The URL of the e-commerce server is not a valid option as DNS records could be poisoned and machines can be ARP spoofed. Hell, even man-in-the-middle attacks can make this a bad form of identification. But a certificate is digitally signed and thus, due to one-way cryptographic hashes and third-party validation (CA), it's a much more secure method to use option (A) certificates.
B. "Phishing campaigns typically use valid SSL" and the cert will also be valid for that domain, otherwise the browser would not connect and would display a big red message. So in that case you say that you have to validate the URL (in the cert or in the browser). Then the answer is D. :)
This is a bad question. You have to check the URL AND the Browser's indication (which checks that the protocol is secure AND the cert is valid for that URL).
Answer B. The browser's indication of SSL use
Secure transport protocol (such as SSL or TLS) encrypts Internet communication between the client and the e-commerce server to ensure confidentiality and integrity. When the client accesses the e-commerce site, the browser should indicate that SSL is being used by displaying a padlock icon or a green address bar. This indicates that the communication between the client and the e-commerce server is encrypted and that the server's certificate has been verified.
The certificate of the e-commerce server (Option A) can be verified by the client to ensure that the server's identity is valid and trusted, but it does not confirm that the communication is encrypted.
Incorrect. When a secure channel is set up, the server has to prove its identity. That is what the certificate is for; it has the public key of the server. By using a third party like a certificate authority you can indeed prove that the key is authentic. That public key is then used by the client to encrypt a symmetric key which is sent to the server, and the server can then decrypt it with its public key to begin the encrypted communication. That's how SSL and TLS work. So it's important to verify that the certificate is legitimate, because if you don't then you're connecting to any old server... which in fact could be the attacker's server... who cares if the communication is secure. You're talking to an attacker when you shouldn't be. The first step should be to verify the identity before starting the communication. Thus the answer is (A).
*Decrypts with the server's private key. Sorry it's nearly midnight here as I try to type out this response :(
upvoted 1 times
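The identity check debated in this thread, as an added example that is not part of any comment or of the original page: a certificate confirms the server only when a trusted CA signed it and its name covers the host the client meant to reach. The sample certificates, host names and function names are constructed for illustration.

```python
import socket
import ssl

# Constructed sample data in the shape returned by ssl.SSLSocket.getpeercert().
# Assume both certificates chain to a trusted CA; they differ only in the name.
LEGIT_CERT = {"subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com"))}
LOOKALIKE_CERT = {"subjectAltName": (("DNS", "shop-example.test"),)}


def name_matches(pattern, host):
    """Compare one certificate DNS name with the host the client meant to reach."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_is_for(cert, expected_host):
    """True if any DNS subjectAltName in the certificate covers expected_host."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(n, expected_host) for n in names)


def default_client_checks():
    """Report the two checks Python's default client context enforces."""
    ctx = ssl.create_default_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED, ctx.check_hostname


def fetch_verified_cert(host, port=443):
    """Live handshake (needs network): raises ssl.SSLCertVerificationError if the
    chain is untrusted or the certificate does not cover `host`."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("lookalike", LOOKALIKE_CERT)):
        print(label, cert_is_for(cert, "shop.example.com"))
```

The lookalike certificate is valid for its own name, which is why an encrypted connection alone does not identify Organization A.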
vickyguna78 (5 months, 1 week ago)
richck102 (1 year, 6 months ago)
dark_3k03r (1 year, 9 months ago)
d7a2ba6 (3 weeks, 5 days ago)
shessy (1 year, 9 months ago)
dark_3k03r (1 year, 9 months ago)
dark_3k03r (1 year, 9 months ago)