In order to use a two-way trust model the security administrator MUST implement which of the following?
Correct Answer: B
PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification Authorities (CAs).
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
A: DAC cannot be used to setup trust models.
Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless restrained by mandatory access control)”.
C: HTTPS is just a protocol. You cannot use HTTPS to set up trust models.
HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.
D: Trusted Platform Module (TPM) cannot be used to setup trust models.
A TPM can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect
smart phones and devices other than PCs as well. It can also be used to generate values used with whole disk encryption such as BitLocker.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 150, 151-152, 237, 274, 279-285, 290