CompTIA Security Plus Mock Test Q1122

A security administrator at a company that implements only key escrow and symmetric encryption needs to decrypt an employee’s file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file?

A. Use the employee’s private key
B. Use the CA private key
C. Retrieve the encryption key
D. Use the recovery agent


Correct Answer: C
Section: Cryptography

Explanation:
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.

Incorrect Answers:
A: Symmetric encryption uses only one shared key, which is the one that the employee refuses to provide.
B: Symmetric encryption uses only one shared key, which is the one that the employee refuses to provide.
D: Recovery agents are typically used to access information that is encrypted with older keys.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 249, 262