CompTIA Security Plus Mock Test Q822

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system


Correct Answer: C
Section: Application, Data and Host Security

Explanation:
A Hardware Security Module (HSM) is a hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can store cryptographic keys, passwords, or certificates.

Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. Moving it to removable media would not improve its security, as the removable media would need to be attached to the web proxy if the SSL/TLS private keys are to be used effectively.
D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. However, simply installing it on the file system does not improve its security.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237