Last Updated on December 23, 2021 by Admin
Which of the following statements correctly describes one-way SSL authentication between a client (e.g. a browser) and a server (e.g. a web server)?
- Only the server is authenticated while the client remains unauthenticated
- Only the client is authenticated while the server remains unauthenticated
- Client and server are both authenticated
- Client and server are both unauthenticated
In one-way authentication only the server needs to be authenticated, whereas in mutual authentication both the client and the server need to be authenticated.
For the CISA exam you should know the following about Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
These are cryptographic protocols that provide secure communication over the Internet. There are only slight differences between SSL 3.0 and TLS 1.0; as a general concept both are referred to as SSL.
SSL is a session/connection layer protocol widely used on the Internet for communication between browsers and web servers, where any amount of data can be securely transmitted once a session is established. SSL provides endpoint authentication and communication privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client remains unauthenticated. Mutual authentication requires deploying a PKI to the clients as well, so that each client holds its own certificate. The protocol allows applications to communicate in a way designed to prevent eavesdropping, tampering and message forging.
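The one-way versus mutual distinction is visible directly in how a TLS server is configured: whether it requires a certificate from the client or not. The following Python stdlib `ssl` example is added here and is not part of the original page; the certificate and CA file names in the comments are placeholders that a real deployment would supply.

```python
import ssl
from typing import Optional


def server_context(require_client_cert: bool,
                   client_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Build a TLS server context for one-way or mutual authentication.

    One-way:  server presents its certificate, client is not asked for one.
    Mutual:   server additionally demands and verifies a client certificate
              issued by a CA the server trusts (this is the 'PKI deployed to
              clients' that mutual authentication requires).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL 3.0 / early TLS are obsolete
    # ctx.load_cert_chain("server.pem", "server.key")   # placeholder: server's own identity
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED              # handshake fails without a client cert
        if client_ca_file:
            ctx.load_verify_locations(cafile=client_ca_file)  # placeholder: CA for client certs
    else:
        ctx.verify_mode = ssl.CERT_NONE                  # one-way: client stays anonymous
    return ctx


def client_context(client_cert: Optional[str] = None,
                   client_key: Optional[str] = None) -> ssl.SSLContext:
    """Build a TLS client context; it always authenticates the server."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # create_default_context sets CERT_REQUIRED and check_hostname=True, i.e. the
    # client verifies the server certificate chain and the hostname in it.
    if client_cert and client_key:
        ctx.load_cert_chain(client_cert, client_key)     # only needed for mutual auth
    return ctx


def auth_mode(server_ctx: ssl.SSLContext) -> str:
    """Classify a server context as 'one-way' or 'mutual' from its verify_mode."""
    return "mutual" if server_ctx.verify_mode == ssl.CERT_REQUIRED else "one-way"


if __name__ == "__main__":
    print(auth_mode(server_context(require_client_cert=False)))  # one-way
    print(auth_mode(server_context(require_client_cert=True)))   # mutual
```

In the one-way configuration any client can connect and only the server's certificate is checked (by the client); in the mutual configuration the server rejects the handshake unless the client proves possession of a certificate chained to the configured CA.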
SSL involves a number of basic phases:
- Peer negotiation for algorithm support
- Public-key encryption based key exchange and certificate based authentication
- Symmetric cipher based traffic encryption
SSL runs on a layer beneath application protocols such as HTTP, SMTP and Network News Transport Protocol (NNTP) and above the TCP transport protocol, which forms part of the TCP/IP suite.
SSL uses a hybrid of hashing, private-key (symmetric) and public-key cryptographic processes to secure transmission over the Internet through a PKI.
The SSL handshake protocol operates at the application layer but also provides for the security of the communication session. It negotiates the security parameters for each communication session. Multiple connections can belong to one SSL session, and a party participating in one session can take part in multiple simultaneous sessions.
The following were incorrect answers:
The other choices presented in the options are not valid, as in one-way authentication only the server needs to be authenticated, whereas the client remains unauthenticated.
CISA Review Manual 2014, page 352