nerdexam
CompTIA

SY0-301 · Question #500

Which of the following is true about the recovery agent?

The correct answer is A. It can decrypt messages of users who lost their private key.. A data recovery agent holds a special certificate that allows it to decrypt data encrypted by other users, specifically to address situations where a user's private key has been lost.

General security concepts

Question

Which of the following is true about the recovery agent?

Options

  • AIt can decrypt messages of users who lost their private key.
  • BIt can recover both the private and public key of federated users.
  • CIt can recover and provide users with their lost or private key.
  • DIt can recover and provide users with their lost public key.

How the community answered

(46 responses)
  • A
    91% (42)
  • B
    2% (1)
  • C
    4% (2)
  • D
    2% (1)

Why each option

A data recovery agent holds a special certificate that allows it to decrypt data encrypted by other users, specifically to address situations where a user's private key has been lost.

AIt can decrypt messages of users who lost their private key.Correct

A data recovery agent (DRA) is a designated entity with a specially issued certificate that allows it to decrypt EFS-protected files or other encrypted data on behalf of users who have lost their private key. The recovery agent uses its own certificate to perform decryption directly and does not reconstruct or return the original user's private key, making it accurate that it can decrypt messages/data for users whose private keys are gone.

BIt can recover both the private and public key of federated users.

A recovery agent cannot recover or reconstruct both the private and public key of any user; its function is to decrypt data using its own certificate, not to restore key pairs.

CIt can recover and provide users with their lost or private key.

A recovery agent does not provide users with their lost private key; it decrypts the protected data on their behalf using its own credentials, leaving the original private key unrecoverable.

DIt can recover and provide users with their lost public key.

Public keys are not secret and do not require recovery; the recovery agent's function is specifically about decrypting data, not retrieving or distributing public keys.

Concept tested: Data recovery agent decrypting data for users with lost private keys

Source: https://learn.microsoft.com/en-us/windows/security/information-protection/encrypting-file-system/encrypting-file-system-overview

Topics

#recovery agent#PKI#private key recovery#key management

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice