CISSP · Question #317
Digital certificates used in Transport Layer Security (TLS) support which of the following?
The correct answer is B. Non-repudiation controls and data encryption. Digital certificates in TLS serve to authenticate identities (non-repudiation) and establish encrypted sessions (data encryption) using asymmetric and symmetric cryptography. Non-repudiation and encryption are the two core security functions certificates enable in TLS.
Question
Options
- AInformation input validation
- BNon-repudiation controls and data encryption
- CMulti-Factor Authentication (MFA)
- DServer identity and data confidentially
How the community answered
(39 responses)- A8% (3)
- B87% (34)
- C3% (1)
- D3% (1)
Why each option
Digital certificates in TLS serve to authenticate identities (non-repudiation) and establish encrypted sessions (data encryption) using asymmetric and symmetric cryptography. Non-repudiation and encryption are the two core security functions certificates enable in TLS.
Input validation is an application-layer security control that sanitizes user-supplied data to prevent injection attacks, and is entirely unrelated to the cryptographic functions of digital certificates in TLS.
Digital certificates in TLS provide non-repudiation by binding a public key to a verified identity via a Certificate Authority's digital signature, ensuring the sender cannot deny their identity. They also enable data encryption by facilitating the TLS handshake, during which asymmetric cryptography (from the certificate's key pair) negotiates session keys used for symmetric encryption of all subsequent data in transit.
Multi-Factor Authentication is an access control mechanism requiring multiple verification factors; digital certificates alone authenticate a server's identity but do not constitute a full MFA implementation on their own.
While server identity authentication and confidentiality are benefits of TLS, this answer is incomplete and imprecisely framed - certificates specifically provide non-repudiation through digital signatures, which is more precise than simply 'server identity,' and 'data confidentiality' omits the critical non-repudiation function.
Concept tested: Role of digital certificates in TLS security
Source: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview
Topics
Community Discussion
No community discussion yet for this question.