CompTIA Security Plus Mock Test Q1072

A company’s security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

A. Install a registration server.
B. Generate shared public and private keys.
C. Install a CA
D. Establish a key escrow policy.


Correct Answer: C
Section: Cryptography

Explanation:
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. When
you implement a PKI you should start by installing a CA.

Incorrect Answers:
A: When you implement a PKI you are not required to install a registration server. You can rely on a public registration authority server.
B: To generate shared public and private keys you would need a CA.
D: A key escrow policy is not required for a PKI.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could
also be an employer if an employee’s private messages have been called into question.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 278-290