Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned
about the confidentiality of the mutual authentication. Which of the following model prevents the IDS from
capturing credentials used to authenticate users to the new service or keys to decrypt that communication?
Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation