CompTIA SecurityX (CAS-005) — Question 149

A security engineer needs to remediate a SWEET32 vulnerability in an OpenSSH-based application and review existing configurations. Which of the following should the security engineer do? (Choose two.)

Answer options

• A. Disable Twofish algorithms
• B. cat /etc/sshd/ssh_config | grep "HMAC"
• C. Disable RSA algorithms
• D. cat /etc/sshd/ssh_config | grep "PermitRootLogin"
• E. Disable 3DES algorithms
• F. cat /etc/sshd/ssh_config | grep "Ciphers"

Correct answer: E, F

Explanation

The correct actions are to disable 3DES algorithms (option E) since they are susceptible to the SWEET32 vulnerability. Additionally, checking the Ciphers configuration (option F) is essential to ensure that insecure ciphers are not being utilized. The other options do not address the SWEET32 issue or are not relevant to the configuration review for this vulnerability.