CompTIA Security Plus Mock Test Q1078

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL


Correct Answer: B,D
Section: Cryptography

Explanation:
B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.
D: If a key needs to be recovered for legal purposes, key escrow can be used.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.

Incorrect Answers:
A: Private hash is not used within the PKI framework.
C: A public key is publicly known and would not have to be retrieved.
E: A CRL is a locally stored record containing revoked certificates and revoked keys. A CRL cannot be used to recover lost keys.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285