Question

A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.)
A. S/MIME
B. TLS
C. SFTP
D. SAML
E. SIP
F. IPSec
G. Kerberos

Answer 1

Answer:

A. S/MIME

B. TLS

C. Kerberos

Explanation:

PKI : Public Key Infrastructure is a technique which will allow services or applications to communicate securely across the unsecured network or internet.

PKI mainly consist of CA or Certificate Authority who can issue digital certificates or they are also known as trusted CA.  exmaples are godaddy, digicert, verizone, symmantec, etc.. and RA also known as Registration Authorities and they verify if the requested certificates can be stored at CA. Keys will be stored in the central directory.It will also consists of certificate management system and the policies governing PKI.

S/MIME : Secure/Multipurpose Internet Mail Extensions which use assymentric cryptography and sign the MIME data.   S/MIME will provide services like  Authentication, Encryption , Integrity, Privacy and Non repudiation for messaging applications

SMIME uses certificates which can be self signed or CA certified. It specifies MIME type as  $application/pkcs7-mime$  while transmitting the data.

TLS : Transport Layer Security. the earlier versions used to be known as SSL ( Secure Socket Layer) SSLv3 got depreciated and TLSv1.2/1.3 are popularly used to provide encryption, authentication, Integrity and Hashing for client to server side communication.

Most of the applications communicate securely using TLS.  They will establish secure TCP connection using SSL Handshake. During the Handshake they will exchange supported versions, ciphersuites and certificates. Applications which uses TLS always uses CA certificates and Inhouse applications can communicate using self signed certificate or even with CA certificates.

HTTPS which is also known as HTTP over SSL is widely used for almost all the web services to communicate securely across the internet.

Kerberos : It is a protocol used to prove the identity for two nodes which are communicating with each other. Kerberos uses both symmetric key cryptography and assymetric key cryptography. However, symmetric key cryptography is used widely and public key cryptography is used optionally.

Authentication server which is also known as AS is used to authenticate the requesting client.  It further forwards the user credentials to key distribution center. KDC further issues to TGT ( ticket granting ticket) and it uses TGS's secret key to encrypt. User will receive a encrypted output.  

When a User Login then The client authenticates itself to the Authentication Server (AS) which forwards the username to a key distribution center (KDC). The KDC issues a ticket-granting ticket (TGT), which is time stamped and encrypts it using the ticket-granting service's (TGS) secret key and returns the encrypted result to the user's workstation. Sessions will be renewed and managed by users session manager.