CompTIA SY0-601: SSL Key Verification for Secure Connections

SSL Key Verification


Question

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet.

Which of the following should be used in the code? (Choose two.)

Answers

A. Escrowed keys
B. SSL symmetric encryption key
C. Software code private key
D. Remote server public key
E. OCSP

Explanation

The correct answers are D. Remote server public key and E. OCSP.

When a client establishes an SSL/TLS connection with a server, the client verifies the server's identity by checking the digital certificate presented by the server. The digital certificate contains the server's public key, which is used to encrypt data that only the server can decrypt. To ensure that the server's public key is valid, the client should verify the certificate's signature chain up to one of the trusted root certificate authority (CA) certificates stored on the client's system. This process is called certificate validation.

Answer D, Remote server public key, is correct because the client needs to verify the server's public key to ensure that it belongs to the expected server. If the server's public key is compromised, an attacker can intercept and decrypt sensitive information transmitted between the client and server.

Answer E, OCSP (Online Certificate Status Protocol), is also correct because it allows the client to check the revocation status of the server's digital certificate. If the certificate has been revoked by the CA, the client should not establish a connection with the server, as the server's identity cannot be trusted.

Answer A, Escrowed keys, is incorrect because they are keys that are stored by a trusted third party, typically a government agency, to allow access to encrypted data in case of emergencies. They are not relevant to SSL/TLS connections.

Answer B, SSL symmetric encryption key, is incorrect because it is used to encrypt data transmitted between the client and server after the SSL/TLS connection has been established. It is not relevant to verifying the server's identity.

Answer C, Software code private key, is incorrect because it is a private key used by the developer to sign software code to prove its authenticity. It is not relevant to SSL/TLS connections.