CompTIA CASP+ (CAS-004) — Question 348
A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?
Answer options
- A. Salsa20 cipher
- B. TLS-based VPN
- C. PKI-based IKE IPSec negotiation
- D. Perfect forward secrecy
Correct answer: D
Explanation
The correct answer is D, Perfect forward secrecy. With it, a compromised encryption key cannot be used to decrypt all the VPN traffic: past sessions remain secure and cannot be decrypted. The other options do not specifically address key compromise affecting previously encrypted data.