ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An e-commerce company runs its public website on Amazon EC2 instances behind an Application Load Balancer (ALB). A recent penetration test reports exposure to the BEAST attack because the ALB still negotiates SSLv3 and TLS 1.0 with CBC ciphers. Which change will most effectively remediate this weak protocol implementation without requiring application code changes?
Replace the current RSA server certificate with an Elliptic Curve certificate while leaving protocol support unchanged.
Reconfigure the architecture so TLS is terminated on each EC2 instance while the ALB operates in TCP passthrough mode.
Enable HTTP/2 on the ALB so the client and server communicate over a newer application layer protocol.
Apply an AWS managed security policy on the ALB that disables SSLv3 and TLS 1.0 and allows only TLS 1.2 with strong ciphers.
The BEAST attack exploits weaknesses in SSLv3 and early versions of TLS that rely on CBC-mode ciphers. The simplest remediation is to prevent the use of these legacy protocol versions and weak ciphers during the TLS handshake. Selecting an AWS predefined security policy that supports only TLS 1.2 (or newer) and strong cipher suites forces every client connection to use secure algorithms, eliminating BEAST exposure. Enabling HTTP/2 does not guarantee older protocols are disabled. Merely swapping to an ECC certificate keeps vulnerable protocols available if the ALB still offers them. Moving TLS termination to the instances retains the same weak protocols unless they, too, are reconfigured and adds operational overhead, so it is not the most direct fix.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the BEAST attack exploit?
Open an interactive chat with Bash
Why is TLS 1.2 preferred over older versions like SSLv3 and TLS 1.0?
Open an interactive chat with Bash
What is an AWS managed security policy for ALBs?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .