Which defense protects against MITM by validating server certificates?

Enhance your NSF Specialist Training skills. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which defense protects against MITM by validating server certificates?

Explanation:

Validating server certificates during TLS prevents a man-in-the-middle from posing as the legitimate server. When a TLS session starts, the server presents a certificate. The client then traces that certificate back to a trusted authority, confirms the domain name matches, checks that it hasn’t expired or been revoked, and verifies the certificate chain. If everything checks out, the client and server establish an encrypted channel using the server’s key, so an attacker cannot decrypt, alter, or impersonate the server without a trusted certificate and private key.

Firewalls control where traffic can flow but don’t verify the server’s identity during a TLS handshake. Hashing passwords protects stored credentials and does not secure the transport channel. Password policies address how credentials are created and managed, not how data is protected in transit.
