TLS: True Statements, Benefits, and Implementation | CCIE Security Exam | Cisco

True Statements about TLS | CCIE Security Exam

Prev Question Next Question


Which three statements are true about TLS? (Choose three.)



Click on the arrows to vote for the correct answer

A. B. C. D. E.


TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a network. It is widely used to secure web transactions, email, instant messaging, and other forms of communication. Here are the explanations for each statement:

A. TLS protocol uses a MAC to protect the message integrity. True. Message Authentication Code (MAC) is a cryptographic checksum that ensures the integrity of the message. TLS uses a keyed-hash message authentication code (HMAC) algorithm to protect the message integrity. The HMAC algorithm uses a secret key shared between the communicating parties to generate a checksum for each message. The receiving party uses the same key and the same algorithm to verify the checksum and ensure that the message has not been tampered with.

B. TLS data encryption is provided by the use of asymmetric cryptography. False. TLS uses symmetric encryption to encrypt data. When a TLS session is established, the client and server negotiate a shared secret key that is used for symmetric encryption and decryption of the data. Asymmetric cryptography is used only for key exchange and authentication.

C. The identity of a TLS peer can be authenticated using public key or asymmetric cryptography. True. TLS supports both server and client authentication using asymmetric cryptography. In server authentication, the server presents its public key to the client, which verifies the authenticity of the server's certificate. In client authentication, the client presents its certificate to the server, which verifies the authenticity of the client's certificate.

D. TLS protocol is originally based on the SSL 3.0 protocol specification. True. TLS is based on the SSL (Secure Socket Layer) protocol, which was originally developed by Netscape in the mid-1990s. TLS is an improved version of SSL, and TLS 1.0 was designed to be backward compatible with SSL 3.0.

E. TLS provides support for confidentiality, authentication, and nonrepudiation. False. While TLS provides support for confidentiality and authentication, it does not provide nonrepudiation. Nonrepudiation is the ability to prove that a party has sent or received a message, and TLS does not provide this capability. Nonrepudiation is typically achieved using digital signatures, which are not a part of the TLS protocol.

In summary, the correct answers are A, C, and D.