A company CSO wants to verify that the SSL Negotiation Configuration policy of the ELBs supports perfect forward secrecy (PFS). What SSL Ciphers should the policy utilize to meet this requirement?

Answer options:

A.Protocol-TLSv1.2
B.ECDHE-*
C.RC4-MD5
D.Transposition Cipher

Answer: B
Option A is incorrect because this is the SSL protocol.
Option B is correct because Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) cipher suites support PFS.
Option C is incorrect because RC4-MD5 does not support PFS.
Option D is incorrect because any transposition cipher is a very weak cipher and does not support PFS.
Reference:
https://docs.aws.amazon.com/aws-backup/latest/devguide/infrastructure-security.html