ISACA CISM: How to verify e-commerce website using secure transport protocol?

Question

Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?

A. The URL of the e-commerce server
B. The certificate of the e-commerce server
C. The IP address of the e-commerce server
D. The browser’s indication of SSL use

Answer

B. The certificate of the e-commerce server

Explanation

This question falls under the CISM domain of information security program development and management, which covers topics such as security technologies and controls, security standards and practices, and security testing and evaluation methods.

One of the subtopics in this domain is secure network architecture design and management, which involves understanding and applying secure transport protocols to protect Internet communication.

Secure transport protocols are protocols that provide encryption, message authentication and integrity, and replay attack protection to the data transmitted over a network. Some examples of secure transport protocols are Secure Real-time Transport Protocol (SRTP), Hypertext Transfer Protocol Secure (HTTPS), Secure File Transfer Protocol (SFTP), and Enrollment over Secure Transport (EST).

To confirm that it is really communicating with Organization A, which offers e-commerce services and uses a secure transport protocol to protect Internet communication, the BEST thing for a client to verify is B. The certificate of the e-commerce server.

This is because the certificate of the e-commerce server is a digital document that binds the identity of the server to its public key and carries the signature of a trusted certificate authority (CA) that vouches for that binding. By checking the certificate (that it was issued by a CA the client trusts and that it names the server the client intended to reach), the client can verify that it is communicating with the legitimate server and not an impostor, and that the communication is encrypted and protected by the secure transport protocol.

The other options are not as reliable or secure as verifying the certificate of the e-commerce server. For example:

  • A. The URL of the e-commerce server tells the client only which scheme is in use: a URL that starts with http:// uses plain HTTP, while one that starts with https:// uses HTTPS. Even an https:// URL does not guarantee that the server is trustworthy or that it presents a valid certificate.
  • C. The IP address of the e-commerce server may change over time or be spoofed by an attacker. It does not provide any information about the identity or public key of the server or whether it uses a secure transport protocol or not.
  • D. The browser’s indication of SSL use may be misleading or inaccurate. For example, some browsers show a padlock icon or a green address bar to indicate that a website uses SSL (Secure Sockets Layer), the older predecessor of TLS (Transport Layer Security). However, SSL has been deprecated and has known vulnerabilities that make it insecure. Moreover, some browsers may not show any indication of SSL use at all, or may show a warning if the website’s certificate is expired, revoked, self-signed, or issued by an untrusted CA.
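
What "checking the certificate" amounts to on the client side, as an added example that is not part of the original Q&A: a small Go program, using only the standard library, constructs a root CA and a server certificate for a hypothetical host shop.example.test, then performs the same checks a browser performs before accepting a server. The chain must end at a CA in the client's trust store, the certificate must name the host the client meant to reach, and it must be within its validity period. A self-signed impostor carrying the same hostname, a hostname mismatch and an expired certificate each produce the kind of failure the list above describes. All names, keys and dates are constructed for the example; revocation checking is not modelled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issueCert creates an ECDSA key pair and a certificate for it. When parent is nil
// the certificate is self-signed (a root CA, or an impostor's home-made cert);
// otherwise it is signed with parentKey. All names here are constructed.
func issueCert(cn string, dnsNames []string, isCA bool, notBefore time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dnsNames,
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyServerCert is the client-side check: the leaf must chain to a CA the client
// already trusts, must name the host the client meant to reach, and must be inside
// its validity period at the time of the check.
func verifyServerCert(leaf *x509.Certificate, trusted *x509.CertPool, host string, now time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: trusted, CurrentTime: now})
	return err
}

// outcome labels a verification result the way a browser warning would.
func outcome(err error) string {
	var unknown x509.UnknownAuthorityError
	var hostErr x509.HostnameError
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "accepted"
	case errors.As(err, &unknown):
		return "untrusted issuer"
	case errors.As(err, &hostErr):
		return "hostname mismatch"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	}
	return "rejected: " + err.Error()
}

// runScenarios builds a tiny PKI and reports what the client decides in each case.
func runScenarios() (map[string]string, error) {
	now := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC) // constructed "current time"
	issued := now.Add(-24 * time.Hour)

	ca, caKey, err := issueCert("Example Trusted CA", nil, true, issued, nil, nil)
	if err != nil {
		return nil, err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // the client's trust store holds only this root

	genuine, _, err := issueCert("shop.example.test", []string{"shop.example.test"}, false, issued, ca, caKey)
	if err != nil {
		return nil, err
	}
	// Impostor: same hostname in the certificate, but self-signed, so no trusted CA vouches for it.
	impostor, _, err := issueCert("shop.example.test", []string{"shop.example.test"}, false, issued, nil, nil)
	if err != nil {
		return nil, err
	}
	return map[string]string{
		"genuine cert, correct host":      outcome(verifyServerCert(genuine, trusted, "shop.example.test", now)),
		"self-signed impostor, same host": outcome(verifyServerCert(impostor, trusted, "shop.example.test", now)),
		"genuine cert, wrong host":        outcome(verifyServerCert(genuine, trusted, "pay.example.test", now)),
		"genuine cert, after expiry":      outcome(verifyServerCert(genuine, trusted, "shop.example.test", now.Add(2*365*24*time.Hour))),
	}, nil
}

func main() {
	results, err := runScenarios()
	if err != nil {
		panic(err)
	}
	for name, result := range results {
		fmt.Printf("%-32s -> %s\n", name, result)
	}
}
```

Only the first scenario is accepted. The impostor fails even though its certificate carries the right hostname, because nothing in the client's trust store signed it; this is why checking the certificate, rather than the URL or the padlock alone, is what establishes that the client is talking to Organization A.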

I think that B. The certificate of the e-commerce server is the BEST answer to your question.
