Can someone help explain this?


joanne lo

Nov 28, 2011, 9:14:50 AM
to CISA 201110
Q476
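R5-10 When data are transmitted through SSL encryption implemented on a trading partner's server, which of the following is of greatest concern?
A. The organization has no control over the encryption
B. The information is subject to wiretapping
C. The data does not reach the receiving destination
D. The communication is not secure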

ans:A

moris

Nov 29, 2011, 8:41:45 PM
to CISA 201110
606. Which of the following is a concern when data are transmitted
through Secure Sockets Layer (SSL) encryption, implemented on a
trading partner's server?
A. The organization does not have control over encryption.
B. Messages are subjected to wire tapping.
C. Data might not reach the intended recipient.
D. The communication may not be secure.

ANSWER: A
NOTE: The SSL security protocol provides data encryption, server
authentication, message integrity and optional client authentication.
Because SSL is built into all major browsers and web servers, simply
installing a digital certificate turns on the SSL capabilities. SSL
encrypts the datum while it is being transmitted over the Internet.
The encryption is done in the background, without any interaction from
the user; consequently, there is no password to remember. The other
choices are incorrect. Since the communication between client and
server is encrypted, the confidentiality of information is not
affected by wire tapping. Since SSL does the client authentication,
only the intended recipient will receive the decrypted data. All data
sent over an encrypted SSL connection are protected with a mechanism
to detect tampering, i.e., automatically determining whether data has
been altered in transit.
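
As an added example (not part of the original posts): the organization cannot control how SSL is implemented on the trading partner's server, but it can set and audit the client-side settings on its own end and check what each session negotiated. The policy floor (TLS 1.2, 128-bit keys) and all function names are assumptions of this sketch, and the session values are constructed samples.

```python
import ssl

# Assumed policy floor for this example (not stated in the thread).
MIN_VERSION = ssl.TLSVersion.TLSv1_2
ALLOWED_NEGOTIATED = {"TLSv1.2", "TLSv1.3"}

def partner_client_context():
    """Client context for the partner link: the part the organization controls."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + hostname check (server authentication)
    ctx.minimum_version = MIN_VERSION    # refuse handshakes below the policy floor
    return ctx

def weak_context():
    """Constructed counter-example: a client that accepts whatever the server offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def audit_context(ctx):
    """List the client-side controls that are missing from an SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol floor below policy")
    return findings

def audit_session(version, cipher):
    """Check what the partner's server negotiated.
    version is the value of SSLSocket.version(); cipher is the SSLSocket.cipher() tuple."""
    findings = []
    if version not in ALLOWED_NEGOTIATED:
        findings.append(f"negotiated {version}")
    name, _protocol, bits = cipher
    if bits < 128:
        findings.append(f"{name} uses a {bits}-bit key")
    return findings

if __name__ == "__main__":
    print(audit_context(partner_client_context()))
    print(audit_context(weak_context()))
    # Constructed samples in the shape returned by SSLSocket.version() / cipher()
    print(audit_session("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)))
    print(audit_session("TLSv1", ("DES-CBC-SHA", "TLSv1", 56)))
```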

ym.l...@tw.pwc.com

Nov 30, 2011, 12:13:01 AM
to cisa2...@googlegroups.com
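What the answer means is:

The SSL the company currently uses keeps the encryption key on the SERVER.

When the key is retrieved/used, it is not certain whether there is any additional identity authentication mechanism.

If there is not, then every transaction will automatically be encrypted with the SERVER's key.

In that case there would be a problem with its use (identity verification), and this should be taken into consideration.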


梁亦銘 Yi-Ming(Sam) Liang | Associate Director, Consulting Service
------------------------------------------------------------------------------------------------------------------------------------------------

PricewaterhouseCoopers Taiwan | www.pwc.com/tw
Email: ym.l...@tw.pwc.com | Tel: +886 2 27296666 Ext. 23568 | Fax: +886 2
27296686 Ext. 23568 | Mobile: +886 972 235802



From: moris <moris0928@gmail.com>
Sent by: cisa201110@googlegroups.com
Date: 2011/11/30 09:41
To: CISA 201110 <cisa2...@googlegroups.com>
cc:
Subject: [CISA201110] Re: Can someone help explain this?
Please respond to: cisa201110@googlegroups.com


joanne lo

Nov 30, 2011, 2:14:30 AM
to CISA 201110
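Thank you both for your replies!!

On Nov 30, 1:13 PM, ym.li...@tw.pwc.com wrote:
> What the answer means is:
>
> The SSL the company currently uses keeps the encryption key on the SERVER.
>
> When the key is retrieved/used, it is not certain whether there is any additional identity authentication mechanism.
>
> If there is not, then every transaction will automatically be encrypted with the SERVER's key.
>
> In that case there would be a problem with its use (identity verification), and this should be taken into consideration.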
>
> 梁亦銘 Yi-Ming(Sam) Liang | Associate Director, Consulting Service
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> PricewaterhouseCoopers Taiwan |www.pwc.com/tw

> Email: ym.li...@tw.pwc.com | Tel: +886 2 27296666 Ext. 23568 | Fax: +886 2

柯少棠

Nov 30, 2011, 7:54:35 PM
to cisa2...@googlegroups.com
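In my personal view, this question is testing what should matter from an audit perspective.
What audit cares about is the question of control; B, C and D lean toward technical
issues, which are not the focus of AUDIT considerations.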
