CompTIA CASP+ (CAS-004) — Question 626

A security analyst is configuring an IPSec tunnel to use the strongest encryption currently available. Which of the following algorithms should be deployed to provide the most secure initial key exchange?

Answer options

• A. 3DES
• B. ECDSA
• C. ECDH
• D. AES

Correct answer: C

Explanation

ECDH (Elliptic Curve Diffie-Hellman) is designed specifically for secure key exchange, making it the best choice for this scenario. While AES and 3DES are encryption algorithms, they do not serve the purpose of key exchange, and ECDSA is primarily used for digital signatures rather than key establishment.