A security audit has uncovered that some of the encryption keys used to secure your organization's business-to-business (B2B) private data exchange transactions with its partners are too weak. The security administrator needs to implement a process to ensure that private data exchange transactions will not be compromised if a weak encryption key is found. Which should the security administrator implement?
A. Implement PFS on all VPN tunnels
B. Implement PFS on all SSH connections
C. Implement HMAC on all VPN tunnels
D. Implement HMAC on all SSH connections
A
Explanation: You should implement perfect forward secrecy (PFS) on all VPN tunnels to ensure that private data exchange transactions will not be compromised if a weak encryption key is found. PFS ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
PFS should be implemented over a VPN tunnel for the partner connections, not over SSH connections. Secure Shell (SSH) allows secure connection to internal resources from remote locations.
You should not implement hash message authentication code (HMAC) on all VPN tunnels or SSH connections. Message authentication code (MAC) provides message integrity and authenticity. HMAC is a keyed-hash MAC that involves a hash function with a symmetric key. HMAC provides data integrity and authentication. It will not help protect private data exchange transactions.