CompTIA CASP+ (CAS-004) — Question 614

A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers:

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
• TLS_RSA_WITH_RC4_128_SHA (0x5)
• TLS_RSA_WITH_RC4_128_MD5 (0x4)

Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030). Which of the following describes a potential attack to the systems administrator's browser?

Answer options

• A. A cipher mismatch
• B. Key rotation
• C. A downgrade attack
• D. A compromised key
• E. Rekeying

Correct answer: C

Explanation

The correct answer is C, as a downgrade attack occurs when an attacker forces a connection to use a weaker cipher, like TLS_RSA_WITH_RC4_128_MD5, instead of stronger options. The other options do not specifically relate to the scenario of the administrator's browser being forced into using a less secure cipher.