CDPSE Question #152: Real Exam Question with Answer & Explanation

Question

An organization Wishes to deploy strong encryption to its most critical and sensitive databases. Which of the following is the BEST way to safeguard the encryption keys?

Options

• AEnsure key management responsibility is assigned to the privacy officer.
• BEnsure the keys are stored in a remote server.
• CEnsure the keys are stored in a cryptographic vault.
• DEnsure all access to the keys is under dual control_

Explanation

The best way to safeguard the encryption keys is to ensure that they are stored in a cryptographic vault. A cryptographic vault is a secure hardware or software module that provides cryptographic services and protects the keys from unauthorized access, modification, or disclosure. A cryptographic vault can also provide other functions, such as key generation, key backup, key rotation, key destruction, and key auditing. A cryptographic vault can enhance the security and privacy of the encrypted data by preventing key compromise, leakage, or misuse. A cryptographic vault can also comply with the security standards and best practices for key management, such as the ISO/IEC 27002, NIST SP 800-57, or PCI DSS.

No community discussion yet for this question.