Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is
concerned about the confidentiality of the mutual authentication. Which of the following model prevents
the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that
communication?
A.
Use of OATH between the user and the service and attestation from the company domain
B.
Use of active directory federation between the company and the cloud-based service
C.
Use of smartcards that store x.509 keys, signed by a global CA
D.
Use of a third-party, SAML-based authentication service for attestation