PrepAway - Latest Free Exam Questions & Answers

Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?

A. SSL or TLS

B. 802.1X

C. ARP Cache Security

D. SSH – Secure Shell

Explanation:
SSL and TLS encrypt web application traffic to mitigate threats of sniffing attacks.
The SSL protocol was developed by Netscape in 1994 to secure Internet client-server transactions. The SSL
protocol authenticates the server to the client using public key cryptography and digital certificates. In addition,
this protocol also provides for optional client to server authentication. It supports the use of RSA public key
algorithms, IDEA, DES and 3DES private key algorithms, and the MD5 hash function. Web pages using the
SSL protocol start with HTTPS. SSL 3.0 and its successor, the Transport Layer Security (TLS) 1.0 protocol
are de facto standards. TLS implements confidentiality, authentication, and integrity above the Transport Layer,
and it resides between the application and TCP layer. Thus, TLS, as with SSL, can be used with applications
such as Telnet, FTP, HTTP, and email protocols. Both SSL and TLS use certificates for public key verification
that are based on the X.509 standard.
Incorrect Answers:
B: The 802.1X standard provides port-based network access control, which ensures that a user cannot make a full
network connection until properly authenticated. 802.1X is not used to encrypt web application traffic.
C: ARP Cache Security can prevent ARP Cache poisoning attacks. However, it is not used to encrypt web
application traffic.
D: SSH (Secure Shell) is a set of protocols that are primarily used for remote access over a network by
establishing an encrypted tunnel between an SSH client and an SSH server. SSH is not used to encrypt web
application traffic.

Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 160

