Ids

Morgi0noCativoMorgi0noCativo Member Posts: 19 ■□□□□□□□□□
In order for an IDS to examine inbound encrypted data, it must be configured with what?
Internal system’s private key
Internal system’s certificate
External system’s public key
Certificate Authority’s certificate

Comments

  • p@r0tuXus[email protected] Member Posts: 532 ■■■■□□□□□□
    I'll just leave this here:

    https://youtu.be/bLzBRRVY_Vs
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • mcollins301mcollins301 Registered Users Posts: 3 ■□□□□□□□□□
    Thank you this link was very helpful.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    That's an incomplete question CompTIA is full of. You have to assume that they are talking about TLS, as no answer would be correct for many other sorts of encrypted traffic.

    Also, we need to assume that inbound means TLS traffic that is initiated from the outside and coming to our internal web-server/reverse-proxy/balancer etc.

    In this case the correct answer is 1, because it is the only answer mentioning private key and you can't decrypt TLS with a public key which is only used for encrypting a session key and 4 is probably incorrect because of assumption 2 and because it's not necessarily true that the cert mentioned contains a private key.
Sign In or Register to comment.