nerdexam
CompTIA

SY0-301 · Question #745

The recovery agent is used to recover the:

The correct answer is D. Private key. A recovery agent is a designated account with special credentials that can decrypt data when a user's private key is lost or unavailable.

General security concepts

Question

The recovery agent is used to recover the:

Options

  • ARoot certificate
  • BKey in escrow
  • CPublic key
  • DPrivate key

How the community answered

(21 responses)
  • B
    5% (1)
  • C
    5% (1)
  • D
    90% (19)

Why each option

A recovery agent is a designated account with special credentials that can decrypt data when a user's private key is lost or unavailable.

ARoot certificate

Root certificates are the trust anchors for a PKI hierarchy and are not subject to recovery by a recovery agent.

BKey in escrow

The key in escrow is the deposited copy of a key held by a third party; the recovery agent itself is a role, not the escrowed key.

CPublic key

Public keys are freely distributed and never need recovery since they are not secret; recovery agents specifically target private key material.

DPrivate keyCorrect

The recovery agent holds a recovery certificate and private key that allows it to decrypt data encrypted by other users' private keys, specifically addressing scenarios where a user's private key is inaccessible or destroyed. This is distinct from key escrow in that the recovery agent credential is a purpose-built administrative keypair.

Concept tested: PKI recovery agent role for private key recovery

Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/encrypting-file-system/encrypting-file-system-efs-overview

Topics

#key recovery#key escrow#PKI#private key

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice