Which statement best reflects the security goal of TLS 1.3?

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

Which statement best reflects the security goal of TLS 1.3?

Explanation:
Forward secrecy is the security goal shown here. It means that if the server’s private key is compromised after a session has ended, that compromise cannot expose the plaintext of what was previously exchanged. TLS 1.3 achieves this by using ephemeral Diffie-Hellman (ECDHE) for each connection to derive fresh session keys. The keys that protect the session data are created during the handshake and then discarded, so the long-term private key isn’t needed to decrypt past traffic. The server’s private key is only used to authenticate the handshake, not to decrypt the data from prior sessions. That’s why a later private-key compromise doesn’t reveal past communications. The other statements don’t reflect this security property: symmetric encryption is used after the handshake; public-key operations are still used during the handshake for authentication; and requiring full chain revocation checks on every handshake isn’t the defining goal of TLS 1.3.
