Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 188

A company encountered a breach on its web servers using IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1.2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters.
Which action does the engineer recommend?

Answer options

• A. Upgrade to TLS v1.3.
• B. Install the latest IIS version.
• C. Deploy an intrusion detection system.
• D. Downgrade to TLS 1.1.

Correct answer: A

Explanation

Recommending an upgrade to TLS v1.3 is the correct action because it provides stronger security features and mitigates downgrade attacks. While installing the latest IIS version and deploying an intrusion detection system may improve security, they do not directly address the issue of protocol negotiation. Downgrading to TLS 1.1 would only worsen the security posture, as it is less secure than TLS 1.2.