List of questions
Related questions
Question 156 - CS0-003 discussion
While a security analyst for an organization was reviewing logs from web servers. the analyst found several successful attempts to downgrade HTTPS sessions to use cipher modes of operation susceptible to padding oracle attacks. Which of the following combinations of configuration changes should the organization make to remediate this issue? (Select two).
A.
Configure the server to prefer TLS 1.3.
B.
Remove cipher suites that use CBC.
C.
Configure the server to prefer ephemeral modes for key exchange.
D.
Require client browsers to present a user certificate for mutual authentication.
E.
Configure the server to require HSTS.
F.
Remove cipher suites that use GCM.
Your answer:
0 comments
Sorted by
Leave a comment first