nerdexam
EC-Council

312-50V11 · Question #980

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemen

The correct answer is A. Key archival. When organizations store cryptographic keys in a secure repository (such as Active Directory) so they can be retrieved if lost, this practice is called key archival.

Cryptography

Question

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

Options

  • AKey archival
  • BKey escrow.
  • CCertificate rollover
  • DKey renewal

How the community answered

(19 responses)
  • A
    84% (16)
  • B
    11% (2)
  • D
    5% (1)

Why each option

When organizations store cryptographic keys in a secure repository (such as Active Directory) so they can be retrieved if lost, this practice is called key archival.

AKey archivalCorrect

Key archival is the cryptographic mechanism of storing a copy of a private or symmetric key in a secure, centralized repository - such as Active Directory - so it can be recovered by an authorized administrator. BitLocker uses this by backing recovery keys to AD DS, ensuring that if a user loses access, the key can be retrieved from the directory. This differs from escrow in that archival is primarily an organizational backup and recovery operation, not a third-party trust arrangement.

BKey escrow.

Key escrow specifically refers to an arrangement where keys are held by a neutral or trusted third party (often for legal/law enforcement access), not an internal organizational backup to Active Directory.

CCertificate rollover

Certificate rollover is the process of replacing an expiring certificate with a new one before it expires, which has no relation to storing or recovering existing cryptographic keys.

DKey renewal

Key renewal refers to extending or regenerating a key or certificate's validity period, not to archiving or recovering keys from a directory service.

Concept tested: BitLocker key archival in Active Directory

Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq

Topics

#key archival#BitLocker#cryptographic key management#Active Directory

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice