CompTIA Security Plus Mock Test Q823

Which of the following has a storage root key?

A. HSM
B. EFS
C. TPM
D. TKIP

Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates in non-volatile (NV) memory. Data stored in NV memory is retained unaltered when the device has no power.
The storage root key is embedded in the TPM to protect TPM keys created by applications, so that these keys cannot be used without the TPM.

Incorrect Answers:
A: Hardware Security Module (HSM) is a hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can store cryptographic keys, passwords, or certificates. However, the HSM does not have a storage root key.
B: Encrypting File System (EFS) is used to encrypt files or entire volumes on a Windows computer. It uses certificates to encrypt the data but does not have a storage root key.
D: TKIP (Temporal Key Integrity Protocol) is an encryption protocol used in wireless networks. It was designed to provide more secure encryption than the relatively weak Wired Equivalent Privacy (WEP) and does not have a storage root key.
