Which of the following ciphers should the security analyst remove to support the business requirements?

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack.

A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?
A . TLS_AES_128_CCM_8_SHA256
B . TLS_DHE_DSS_WITH_RC4_128_SHA
C . TLS_CHACHA20_POLY1305_SHA256
D . TLS_AES_128_GCM_SHA256

View Answer

Answer: B

Explanation:

The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS.

Verified Reference:

https://www.comptia.org/blog/what-is-a-cipher

https://partners.comptia.org/docs/default-source/resources/casp-content-guide