CompTIA Security Plus Mock Test Q1115

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust
B. Non-repudiation
C. Key escrow
D. Certificate revocation list
Correct Answer: C
Section: Cryptography

Explanation:
Key escrow is a database of stored keys that can later be retrieved.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question.

Incorrect Answers:
A: Web of trust is not used within the PKI domain. It is an alternative approach. A web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such).
B: Nonrepudiation is a means of ensuring that transferred data is valid and that its sender cannot deny having sent it. Nonrepudiation is not used to store data.
D: A certificate revocation list (CRL) is just a database of revoked keys and certificates; it does not store any other information.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-289, 285