CompTIA Security Plus Mock Test Q1070

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow
B. CA
C. Private key
D. Recovery key


Correct Answer: B
Section: Cryptography

Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. In a simple trust model all parties must trust the CA.
In a more complicated trust model all parties must trust the Root CA.

Incorrect Answers:
A: Key escrow is nothing that needs to be trusted.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could
also be an employer if an employee’s private messages have been called into question.
C: A private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages.
D: A recovery key has no specific function within a PKI.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 278-290