CompTIA CASP+ (CAS-004) — Question 172
A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)
Answer options
- A. EDE
- B. CBC
- C. GCM
- D. AES
- E. RSA
- F. RC4
- G. ECDSA
- H. DH
Correct answer: C, D, H
Explanation
The correct algorithms that provide forward secrecy and authenticated encryption with associated data are GCM (C), AES (D), and DH (H). GCM is an authenticated encryption mode that provides both confidentiality and integrity, AES is a strong encryption standard, and DH offers the key exchange mechanism necessary for forward secrecy. The other options either do not provide these features or are considered insecure.