You have a computer that runs Windows 7.
The Encrypting File System (EFS) key is compromised.
You need to create a new EFS key.
Which command should you run?
A.
Certutil -getkey
B.
Cipher.exe /k
C.
Icacls.exe /r
D.
Syskey.exe
Explanation:
Cipher
Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters,
cipher displays the encryption state of the current folder and any files it contains.
Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file
system and to view the encryption status of files and folders from a command prompt. The updated
version adds another security option. This new option is the ability to overwrite data that you have
deleted so that it cannot be recovered and accessed.
When you delete files or folders, the data is not initially removed from the hard disk. Instead, the
space on the disk that was occupied by the deleted data is “deallocated.” After it is deallocated, the
space is available for use when new data is written to the disk. Until the space is overwritten, it is
possible to recover the deleted data by using a low-level disk editor or data-recovery software.
If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup
copy of the file so that, if an error occurs during the encryption process, the data is not lost. After
the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not
completely removed until it has been overwritten. The new version of the Cipher utility is designed
to prevent unauthorized recovery of such data.
/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options
will be ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC
is specified, a self-signed certificate will be created with the supplied key size./R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing
certificate and private key) and a .CER file (containing only the certificate). An administrator may add
the contents of the .CER to the EFS recovery policy to create the recovery for users, and import the
.PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and
certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is
genereated. By default, /R creates an 2048-bit RSA recovery key and certificate. If EECC is specified,
it must be followed by a key size of 356, 384, or 521.