CompTIA Security+ (SY0-501) — Question 653

A security engineer is concerned about susceptibility to HTTP downgrade attacks because the current customer portal redirects users from port 80 to the secure site on port 443. Which of the following would be MOST appropriate to mitigate the attack?

Answer options

Correct answer: B

Explanation

HSTS (HTTP Strict Transport Security) is the most effective mitigation for HTTP downgrade attacks because, once a browser has received the Strict-Transport-Security header from the site, it connects to that host over HTTPS only for the lifetime of the policy and never sends the plaintext port-80 request that the redirect depends on, so there is no insecure hop for an attacker to intercept or strip. The other options, such as DNSSEC, certificate pinning, and OCSP, do not address the weakness of redirecting from an insecure to a secure connection: they protect name resolution, certificate trust, and certificate revocation checking, all of which apply only once an HTTPS connection is already being set up.
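As an added illustration (not part of the original question or its answer key), the following Python models the browser side of HSTS: it parses the Strict-Transport-Security header, caches the policy per host, and upgrades http:// URLs to https:// before any plaintext request is sent, so there is no port-80 hop for an attacker to intercept. The HstsStore class and its helpers are hypothetical names chosen for this example; it also shows the caveat that a host with no cached policy (first visit, or an expired max-age) still depends on the server's redirect.

```python
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

@dataclass
class HstsPolicy:
    expires_at: float          # absolute time (seconds) at which the policy lapses
    include_subdomains: bool

def parse_hsts(header: str, now: float) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; None (header ignored) without a valid max-age."""
    max_age, include_subdomains = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else HstsPolicy(now + max_age, include_subdomains)

class HstsStore:
    """Per-host policy cache standing in for a browser's HSTS list (hypothetical helper)."""
    def __init__(self) -> None:
        self.policies: Dict[str, HstsPolicy] = {}
    def record(self, host: str, header: str, now: float) -> None:
        # Browsers only honour the header on an HTTPS response; assumed to hold for the caller.
        policy = parse_hsts(header, now)
        if policy is None:
            return
        if policy.expires_at <= now:   # max-age=0 tells the browser to forget the host
            self.policies.pop(host, None)
        else:
            self.policies[host] = policy
    def is_known(self, host: str, now: float) -> bool:
        labels = host.split(".")
        for i in range(len(labels)):   # exact host first, then each parent domain
            policy = self.policies.get(".".join(labels[i:]))
            if policy and policy.expires_at > now and (i == 0 or policy.include_subdomains):
                return True
        return False
    def rewrite(self, url: str, now: float) -> str:
        """Upgrade http:// to https:// before any request leaves the client, if a policy applies."""
        p = urlsplit(url)
        if p.scheme != "http" or not self.is_known(p.hostname or "", now):
            return url                 # unknown host: only the server's 80->443 redirect protects this visit
        netloc = p.hostname if p.port in (None, 80) else f"{p.hostname}:{p.port}"
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))
```

Real browsers additionally ship a preload list so that even a first visit is covered without relying on the redirect; that list is outside this example.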