Your company has performed a security audit. This audit uncovers that some of the encryption keys that secure the company's business-to-business (B2B) financial transactions with its partners may be too weak. The security administrator needs to ensure that financial transactions will not be compromised if a weak encryption key is found. What should the security administrator implement?

A. Implement PFS on all VPN tunnels.
B. Implement PFS on all SSH connections.
C. Enable entropy on all SSLv2 transactions.
D. Implement AES256-CBC for all encrypted data.

A
Explanation: The security administrator should implement PFS on all VPN tunnels. This will ensure that the B2B financial transactions will not be compromised if a weak encryption key is found. Perfect forward secrecy (PFS) ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
None of the other options are correct. The B2B financial transactions should not use SSH connections. Entropy is the randomness collected by an application that is used in cryptography or other uses that require random data, which is often collected from hardware sources. AES256-CBC does not provide the same protection against compromise of a weak key as does PFS.

Computer Science & Information Technology
