SY0-301 · Question #745
The recovery agent is used to recover the:
The correct answer is D. Private key. A recovery agent is a designated account with special credentials that can decrypt data when a user's private key is lost or unavailable.
Question
The recovery agent is used to recover the:
Options
- ARoot certificate
- BKey in escrow
- CPublic key
- DPrivate key
How the community answered
(21 responses)- B5% (1)
- C5% (1)
- D90% (19)
Why each option
A recovery agent is a designated account with special credentials that can decrypt data when a user's private key is lost or unavailable.
Root certificates are the trust anchors for a PKI hierarchy and are not subject to recovery by a recovery agent.
The key in escrow is the deposited copy of a key held by a third party; the recovery agent itself is a role, not the escrowed key.
Public keys are freely distributed and never need recovery since they are not secret; recovery agents specifically target private key material.
The recovery agent holds a recovery certificate and private key that allows it to decrypt data encrypted by other users' private keys, specifically addressing scenarios where a user's private key is inaccessible or destroyed. This is distinct from key escrow in that the recovery agent credential is a purpose-built administrative keypair.
Concept tested: PKI recovery agent role for private key recovery
Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/encrypting-file-system/encrypting-file-system-efs-overview
Topics
Community Discussion
No community discussion yet for this question.