🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional120 / 129
Question 120 of 129

A security engineer reviews the TLS configuration of a customer-facing web application. The scan reports that the server still negotiates TLS 1.0 and accepts cipher suites using CBC-mode with RC4 fallback. Penetration testers demonstrate a man-in-the-middle attack that forces the client and server to negotiate the weakest mutually supported protocol version. Which configuration change most directly mitigates this specific downgrade attack while preserving interoperability with modern clients?

Reviewed for accuracy · Report an issueNext question