nerdexam
CompTIA

SY0-301 · Question #743

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

The correct answer is C. Key escrow. Key escrow ensures encryption keys are stored with a trusted third party, preventing permanent data loss if a key is lost or an employee leaves.

General security concepts

Question

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

Options

  • AWeb of trust
  • BNon-repudiation
  • CKey escrow
  • DCertificate revocation list

How the community answered

(67 responses)
  • A
    4% (3)
  • C
    94% (63)
  • D
    1% (1)

Why each option

Key escrow ensures encryption keys are stored with a trusted third party, preventing permanent data loss if a key is lost or an employee leaves.

AWeb of trust

Web of trust is a PGP-based model for validating key authenticity through peer vouching, not a mechanism for key recovery or preventing data loss.

BNon-repudiation

Non-repudiation ensures a sender cannot deny having sent a message, which is an authentication guarantee unrelated to recovering lost keys or data.

CKey escrowCorrect

Key escrow is the practice of depositing a copy of cryptographic keys with a trusted third party or escrow agent. If the original key holder loses access or leaves the organization, the escrowed key can be retrieved, making it the required PKI component when data loss is unacceptable.

DCertificate revocation list

A Certificate Revocation List identifies revoked certificates but provides no mechanism to recover lost encryption keys or the data they protect.

Concept tested: PKI key escrow for data recovery

Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration

Topics

#PKI#key escrow#key management#data recovery

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice