Refer to the exhibit. Which component of the cipher suite provides perfect forward secrecy?
ECDHE uses ephemeral keys, ensuring forward secrecy.
Why this answer
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) provides perfect forward secrecy (PFS) because it generates a unique, ephemeral session key for each TLS session. If the long-term private key is compromised, past session keys cannot be derived, as the ephemeral keys are discarded after use. This is defined in RFC 4492 and is a core property of ephemeral Diffie-Hellman key exchange.
Exam trap
ISC2 often tests the distinction between the protocol version (TLS 1.2) and the cipher suite components that actually implement PFS, leading candidates to incorrectly select TLS 1.2 because they associate it with modern security features.
How to eliminate wrong answers
Option B (TLS 1.2) is wrong because TLS 1.2 is a protocol version, not a component that provides PFS; it can support PFS if ECDHE or DHE cipher suites are negotiated, but the protocol itself does not guarantee PFS. Option C (AES256-GCM) is wrong because AES256-GCM is a symmetric authenticated encryption (AEAD) algorithm that protects data confidentiality and integrity, but it does not influence key exchange or provide PFS. Option D (SHA384) is wrong because SHA384 is a hash function used for message authentication in HMAC or for integrity checks in TLS, and it has no role in establishing ephemeral keys or PFS.