A security administrator must implement a system to allow clients to securely negotiate encryption keys with the
company’s server over a public unencrypted communication channel.
Which of the following implements the required secure key negotiation? (Choose two.)

A.
PBKDF2

B.
Symmetric encryption

C.
Steganography

D.
ECDHE

E.
Diffie-Hellman

Explanation:
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each
having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This
shared secret may be directly used as a key, or better yet, to derive another key which can then be used to
encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol
using elliptic curve cryptography.
Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym,
stands for Ephemeral Diffie-Hellman).
Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the
acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of
these that provides the perfect forward secrecy.