SY0-301 · Question #743
Which of the following is a requirement when implementing PKI if data loss is unacceptable?
The correct answer is C. Key escrow. Key escrow ensures encryption keys are stored with a trusted third party, preventing permanent data loss if a key is lost or an employee leaves.
Question
Which of the following is a requirement when implementing PKI if data loss is unacceptable?
Options
- AWeb of trust
- BNon-repudiation
- CKey escrow
- DCertificate revocation list
How the community answered
(67 responses)- A4% (3)
- C94% (63)
- D1% (1)
Why each option
Key escrow ensures encryption keys are stored with a trusted third party, preventing permanent data loss if a key is lost or an employee leaves.
Web of trust is a PGP-based model for validating key authenticity through peer vouching, not a mechanism for key recovery or preventing data loss.
Non-repudiation ensures a sender cannot deny having sent a message, which is an authentication guarantee unrelated to recovering lost keys or data.
Key escrow is the practice of depositing a copy of cryptographic keys with a trusted third party or escrow agent. If the original key holder loses access or leaves the organization, the escrowed key can be retrieved, making it the required PKI component when data loss is unacceptable.
A Certificate Revocation List identifies revoked certificates but provides no mechanism to recover lost encryption keys or the data they protect.
Concept tested: PKI key escrow for data recovery
Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration
Topics
Community Discussion
No community discussion yet for this question.