nerdexam
(ISC)2

CISSP · Question #317

Digital certificates used in Transport Layer Security (TLS) support which of the following?

The correct answer is B. Non-repudiation controls and data encryption. Digital certificates in TLS serve to authenticate identities (non-repudiation) and establish encrypted sessions (data encryption) using asymmetric and symmetric cryptography. Non-repudiation and encryption are the two core security functions certificates enable in TLS.

Submitted by layla.eg· Mar 5, 2026Communication and Network Security

Question

Digital certificates used in Transport Layer Security (TLS) support which of the following?

Options

  • AInformation input validation
  • BNon-repudiation controls and data encryption
  • CMulti-Factor Authentication (MFA)
  • DServer identity and data confidentially

How the community answered

(39 responses)
  • A
    8% (3)
  • B
    87% (34)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Digital certificates in TLS serve to authenticate identities (non-repudiation) and establish encrypted sessions (data encryption) using asymmetric and symmetric cryptography. Non-repudiation and encryption are the two core security functions certificates enable in TLS.

AInformation input validation

Input validation is an application-layer security control that sanitizes user-supplied data to prevent injection attacks, and is entirely unrelated to the cryptographic functions of digital certificates in TLS.

BNon-repudiation controls and data encryptionCorrect

Digital certificates in TLS provide non-repudiation by binding a public key to a verified identity via a Certificate Authority's digital signature, ensuring the sender cannot deny their identity. They also enable data encryption by facilitating the TLS handshake, during which asymmetric cryptography (from the certificate's key pair) negotiates session keys used for symmetric encryption of all subsequent data in transit.

CMulti-Factor Authentication (MFA)

Multi-Factor Authentication is an access control mechanism requiring multiple verification factors; digital certificates alone authenticate a server's identity but do not constitute a full MFA implementation on their own.

DServer identity and data confidentially

While server identity authentication and confidentiality are benefits of TLS, this answer is incomplete and imprecisely framed - certificates specifically provide non-repudiation through digital signatures, which is more precise than simply 'server identity,' and 'data confidentiality' omits the critical non-repudiation function.

Concept tested: Role of digital certificates in TLS security

Source: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview

Topics

#digital certificates#TLS#non-repudiation#data confidentiality

Community Discussion

No community discussion yet for this question.

Full CISSP Practice