CompTIA

SY0-301 · Question #500

SY0-301 Question #500: Real Exam Question with Answer & Explanation

The correct answer is A: It can decrypt messages of users who lost their private key. A data recovery agent holds a special certificate that allows it to decrypt data encrypted by other users, specifically to address situations where a user's private key has been lost.

Question

Which of the following is true about the recovery agent?

Options

  • A. It can decrypt messages of users who lost their private key.
  • B. It can recover both the private and public key of federated users.
  • C. It can recover and provide users with their lost or private key.
  • D. It can recover and provide users with their lost public key.

Explanation

A data recovery agent holds a special certificate that allows it to decrypt data encrypted by other users, specifically to address situations where a user's private key has been lost.

Common mistakes.

  • B. A recovery agent cannot recover or reconstruct both the private and public key of any user; its function is to decrypt data using its own certificate, not to restore key pairs.
  • C. A recovery agent does not provide users with their lost private key; it decrypts the protected data on their behalf using its own credentials, leaving the original private key unrecoverable.
  • D. Public keys are not secret and do not require recovery; the recovery agent's function is specifically about decrypting data, not retrieving or distributing public keys.

Concept tested. Data recovery agent decrypting data for users with lost private keys

Reference. https://learn.microsoft.com/en-us/windows/security/information-protection/encrypting-file-system/encrypting-file-system-overview
