During a penetration test, you learn that administrators will expose a web-based management console to users over the public Internet. To protect the confidentiality and integrity of the data exchanged between users' browsers and the console, which protocol should the team configure on the server?
HTTP - Ordinary web protocol that transmits requests and responses in plaintext
SSH - Secure Shell that encrypts terminal sessions and port forwarding, not native web page delivery
HTTPS - HTTP over TLS that encrypts and authenticates all browser traffic
FTPS - FTP wrapped in TLS that secures file transfers but is not intended for normal browser sessions
HTTPS wraps HTTP in TLS, encrypting and authenticating every request and response between the browser and the web server. This protects the session against eavesdropping and tampering. FTPS and SSH also rely on encryption, but they secure file-transfer and terminal traffic respectively, not ordinary web browsing. Plain HTTP offers no encryption at all.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is robust encryption?
Open an interactive chat with Bash
How does encryption protect browser sessions?
Open an interactive chat with Bash
What security routines are used for encrypted browsing?