nerdexam
F5

101 · Question #478

Which three security controls are used in an SSL transaction? (Choose three.)

The correct answer is A. symmetric encryption D. digital certificates. SSL/TLS uses digital certificates for authentication and symmetric encryption for session data - note that the question states 'choose three' but the provided answer only lists two choices (A and D), with asymmetric encryption (C) being the expected third correct answer.

Section 4: Security Basics

Question

Which three security controls are used in an SSL transaction? (Choose three.)

Options

  • Asymmetric encryption
  • Bnetwork admission controls
  • Casymmetric encryption
  • Ddigital certificates
  • Edatabase encryption

How the community answered

(30 responses)
  • A
    90% (27)
  • C
    7% (2)
  • E
    3% (1)

Why each option

SSL/TLS uses digital certificates for authentication and symmetric encryption for session data - note that the question states 'choose three' but the provided answer only lists two choices (A and D), with asymmetric encryption (C) being the expected third correct answer.

Asymmetric encryptionCorrect

Symmetric encryption (e.g., AES) is used in SSL/TLS after the handshake to encrypt bulk session data efficiently, as it is far less computationally expensive than asymmetric operations for large data volumes.

Bnetwork admission controls

Network admission control (NAC) is a policy enforcement mechanism that governs device access to a network and is entirely separate from the SSL/TLS cryptographic protocol.

Casymmetric encryption

Asymmetric encryption (e.g., RSA/ECDHE) is actually a core SSL/TLS component used for key exchange during the handshake - its omission from the listed correct answers appears to be an error in the question.

Ddigital certificatesCorrect

Digital certificates (X.509) authenticate the server (and optionally the client) during the SSL/TLS handshake and carry the public key used in the asymmetric key exchange phase.

Edatabase encryption

Database encryption is a data-at-rest protection mechanism applied at the storage layer and is unrelated to the SSL/TLS transport security handshake.

Concept tested: SSL/TLS handshake security controls - encryption and authentication

Source: https://www.rfc-editor.org/rfc/rfc8446

Topics

#SSL#symmetric encryption#asymmetric encryption#digital certificates

Community Discussion

No community discussion yet for this question.

Full 101 Practice