A company is concerned about man-in-the-middle attacks against its web applicati
ID: 3751486 • Letter: A
Question
A company is concerned about man-in-the-middle attacks against its web application. The company's web server is using TLS encryption, the session cookies are using long, high-entropy values and are sent after successful authentication. Which of the following additional recommendations should the cybersecurity analyst make to prevent this type of attack? (Select TWO)
A. Disable the use of TLSv1.2
B. Allow connections only from trusted IP addresses
C. Use certificate pinning on the web server
D. Use HTTP strict transport security
E. Allow only high-security ciphering suites in the web server
DE
Explanation / Answer
The first and foremost important thing to ensure avoidance of a man-in-the-middle attack is the use of a certificate. Using this method, we can actually verify the authenticity of the other party. Apart from this, it would be same measure to only allow connections from trusted IP addresses.
So, options B and C should be selected.