Which two key exchange algorithms consume the most resources when decrypting SSL traffic? (Choose two.)
Which two key exchange algorithms consume the most resources when decrypting SSL traffic? (Choose two.)
The two key exchange algorithms that consume the most resources when decrypting SSL traffic are ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) and DHE (Diffie-Hellman Ephemeral). Both ECDHE and DHE provide Perfect Forward Secrecy (PFS), which ensures that each session key is unique and not derived from any other key, making the decryption process more resource-intensive. Unlike RSA, which uses the same key for multiple sessions, these ephemeral algorithms require more computational power due to their key exchange process, hence consuming more resources.
The way I remember this one is DHE. Think Diffie Hellman E. Just to jog your memory. BD
that's not the right way to think about it, the reason DHE is more resource intensive (while more secure) is that it uses PFS, therefore you have different keys for each TLS session and they key is not reused unlike in case of RSA
On the 1/23/24 exam
Which two key exchange algorithms consume the most resources when decrypting SSL traffic
Key exchange algorithm. Perfect forward secrecy (PFS) ephemeral algorithms such as DHE and ECDHE consume more resources than RSA. https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/prepare-to-deploy-decryption/size-the-decryption-firewall-deployment
B and D
B, D are correct
Correct as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/prepare-to-deploy-decryption/size-the-decryption-firewall-deployment