PrepAway - Latest Free Exam Questions & Answers

Which of the following best describes what takes place during an SSL connection setup process?

SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?

A. The server creates a session key and encrypts it with a public key.

B. The server creates a session key and encrypts it with a private key.

C. The client creates a session key and encrypts it with a private key.

D. The client creates a session key and encrypts it with a public key.

Explanation:
D: Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a Web site, that Web site may have both secured and public portions. The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the Web site to a secured page, the Web server will start the necessary tasks to invoke SSL and protect this type of communication. The server sends a message back to the client, indicating a secure session should be established, and the client in response sends its security parameters. The server compares those security parameters to its own until it finds a match. This is the handshaking phase. The server authenticates to the client by sending it a digital certificate, and if the client decides to trust the server, the process continues. The client generates a session key and encrypts it with the server’s public key. This encrypted key is sent to the Web server, and they both use this symmetric key to encrypt the data they send back and forth.

A is incorrect because the server does not create the session key; the client creates a session key and encrypts it with the server’s public key. SSL is commonly used in Web transactions and works in the following way: client creates session key, client encrypts session key with server’s public key and sends it to the server, server receives session key and decrypts it with its private key.

B is incorrect because the server does not create the session key, and it is not encrypted with the private key. The client creates a session key and encrypts it with the server’s public key. The server receives the session key and decrypts it with its private key. The session key is then used to encrypt the data that is transmitted between the client and server.

C is incorrect because the client uses the server’s public key to encrypt the session key it generates. If the client encrypted the session key with the private key, then any entity that possessed the client’s public key would be able to decrypt the session key. This does not provide any security. By encrypting the session key with the server’s public key, only the server, which possesses the corresponding private key, can decrypt it.
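
The key transport described in the explanation, as an added example that is not part of the original page: the client wraps a session key with the server's public key (option D), and the same key wrapped with the client's private key (option C) is recovered by anyone holding the client's public key. It assumes textbook RSA without padding over constructed toy keys, and all function names are hypothetical.

```python
import secrets

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA keypair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def apply_key(key, value):
    """Raw RSA operation value^exponent mod n (no padding; illustration only)."""
    n, exponent = key
    return pow(value, exponent, n)

# Constructed toy keys built from Mersenne primes; real keys are far larger.
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CLIENT_PUB, CLIENT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def client_key_exchange(server_pub):
    """Option D: the client creates the session key and wraps it with the
    server's public key."""
    session_key = secrets.randbits(128)
    return session_key, apply_key(server_pub, session_key)

def server_unwrap(wrapped):
    """The server recovers the session key with its private key."""
    return apply_key(SERVER_PRIV, wrapped)

def option_c_wrap(session_key):
    """Option C: the client wraps the session key with its own private key."""
    return apply_key(CLIENT_PRIV, session_key)

def observer_unwrap(wrapped, public_key):
    """A network observer holds only public keys and applies one."""
    return apply_key(public_key, wrapped)

def demo():
    key, wrapped = client_key_exchange(SERVER_PUB)
    server_ok = server_unwrap(wrapped) == key                 # both ends share it
    leak_d = observer_unwrap(wrapped, SERVER_PUB) == key      # public key cannot undo D
    leak_c = observer_unwrap(option_c_wrap(key), CLIENT_PUB) == key  # C is readable
    return server_ok, leak_d, leak_c

if __name__ == "__main__":
    print(demo())
```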

One Comment on “Which of the following best describes what takes place during an SSL connection setup process?”

  1. Joe says:

    Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a Web site, that Web site may have both secured and public portions.

    The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the Web site to a secured page, the Web server will start the necessary tasks to invoke SSL and protect this type of communication.

    The server sends a message back to the client, indicating a secure session should be established, and the client in response sends its security parameters. The server compares those security parameters to its own until it finds a match. This is the handshaking phase. The server authenticates to the client by sending it a digital certificate, and if the client decides to trust the server, the process continues.

    The client generates a session key and encrypts it with the server’s public key. This encrypted key is sent to the Web server, and they both use this symmetric key to encrypt the data they send back and forth.



