KT-DP Encryption

A team proposes TLS 1.0 for legacy clients on an internet-facing API. What is the BEST security stance?

Multiple choice — select one answer

Answer choices

  1. a. Terminate TLS at the user's browser only, without security or identity team coordination per policy.
  2. b. Enable SSLv3 for compatibility, without security or identity team coordination per policy.
  3. c. Deprecate TLS 1.0/1.1 and document exceptions with compensating controls and timelines
  4. d. Use self-signed certs without rotation, without security or identity team coordination per policy.

Architectural breakdown & explanation

Legacy TLS is broken; phased migration beats indefinite weak protocols on public APIs.

Correct answer(s): c. Deprecate TLS 1.0/1.1 and document exceptions with compensating controls and timelines

Exam domain: Encryption (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Data Protection bank. Run a full timed practice exam with domain-weighted random questions in your browser.