CompTIA CASP+ (CAS-003) — Question 155
A security analyst for a bank received an anonymous tip about the external banking website, with scan results showing the following:
- Protocols supported
  - TLS 1.0
  - SSL 3
  - SSL 2
- Cipher suites supported
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDH p256r1)
  - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DH 1024-bit)
  - TLS_RSA_WITH_RC4_128_SHA
- TLS_FALLBACK_SCSV not supported
- POODLE
- Weak PFS
- OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?
Answer options
- A. Query the OCSP responder and review revocation information for the user certificates.
- B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
- C. Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output.
- D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
Correct answer: A
Explanation
The correct answer is A because querying the OCSP responder allows the analyst to check the revocation status of the user certificates, which is crucial for understanding the security posture. Options B, C, and D do not directly address the verification of the findings related to certificate revocation and may lead to incomplete assessments of the identified vulnerabilities.