CRISC Practice Test 2025 – The All-in-One Guide to Mastering Certified in Risk and Information Systems Control Exam!

In a secure socket layer (SSL) connection, the user authenticates the server primarily by verifying the identity certificate of the server. This process involves several key steps that ensure the server's legitimacy.

When a secure connection is established, the server presents its SSL certificate to the client (the user). This certificate is issued by a trusted certificate authority (CA), which serves as a third-party verifier. The client checks various aspects of the certificate, including whether it is valid, whether it has expired, and whether it is signed by a trusted CA. If the certificate passes these checks, the client can be confident about the server's identity. This process helps in preventing man-in-the-middle attacks, where a malicious party could impersonate the server to intercept or alter the transmitted data.

The other options, while related to security and authentication in various contexts, do not specifically pertain to the primary method of server authentication in SSL connections. Sending a public key does not confirm the server's identity; instead, it is part of the encryption process. Generating a random number and encrypting it is related to secure communication but does not directly deal with authenticating the server. Two-factor authentication typically refers to a method used to confirm a user's identity rather than a server