During a TLS handshake, which sequence establishes a secure session?

Prepare for the AFSC Cyberspace Operations Officer Exam. Engage with detailed questions and explanations to enhance your understanding and improve your exam readiness. Pass with confidence!

Multiple Choice

During a TLS handshake, which sequence establishes a secure session?

Explanation:
TLS establishes a secure session by first authenticating the server with its certificate, then using asymmetric cryptography to agree on a shared secret, from which symmetric session keys are derived for encrypting the actual data transfer. This separation (asymmetric key exchange to create a secret, then fast symmetric encryption for the ongoing communication) gives both security and efficiency. The server's certificate provides identity and public-key material; the client and server perform a key exchange (often using ephemeral Diffie-Hellman) to establish a shared secret, and from that secret both sides derive the symmetric keys used to encrypt and authenticate the data.

The other options don't fit this flow: sending a symmetric key directly from client to server would expose it to interception; no keys exchanged would mean no encryption and no trust establishment; and data transmitted unencrypted during the handshake contradicts the goal of TLS to protect data from the outset.

