Two-way TLS, or mutual TLS (mTLS), enhances the security of a connection by requiring both the client and the server to prove their identities to each other using digital certificates. In the context of an Apigee target endpoint connection, Apigee acts as the client and the backend service is the server. With mTLS, Apigee verifies the backend's certificate, and the backend service verifies Apigee's certificate. This mutual authentication ensures that both parties are trusted before any data is exchanged, preventing unauthorized systems from connecting to the backend and protecting Apigee from man-in-the-middle attacks.

A. Sensitive data presented to end users will be encrypted

This is incorrect because mTLS on the target endpoint (southbound) connection encrypts data between Apigee and the backend, not directly for the end user.

C. End users can use the name of the system to verify that they are connecting to a trusted system.

This describes a benefit of standard one-way TLS on the client-to-Apigee (northbound) connection, not mutual TLS on the Apigee-to-target (southbound) connection.

D. All of the above

This is incorrect because options A and C are not benefits of mTLS for target endpoint connections.

---

1. Google Cloud Apigee Documentation

"Configuring TLS from Edge to the backend (Cloud and Private Cloud)": This document explicitly describes the process of mutual authentication. It states

"In two-way TLS

in addition to the server-side TLS authentication

the client also presents its certificate to the server for authentication... Two-way TLS is also called mutual TLS." This directly supports that both Apigee (as the client) and the target endpoint (the server) verify each other's identity.

2. Google Cloud Apigee Documentation

"About TLS/SSL": In the section "About two-way TLS/SSL

" the documentation clarifies the process: "For two-way TLS

the process is the same [as one-way TLS] except that the client also sends its certificate to the server for the server to verify." This confirms that the identity verification is mutual

involving both parties.