Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow
Explanation:
If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered
key to access the data. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to
escrow, recovery agents are typically used to access information that is encrypted with older keys.
Incorrect Answers:
B: A certificate authority (CA) is an organization. A CA is responsible for issuing, revoking, and distributing certificates. A CA cannot recover keys.
C: A trust model is a collection of rules that informs applications on how to decide the legitimacy of a digital certificate. A trust model cannot recover keys.
D: Key escrow is not used to recover old keys.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are
held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is
generally the government, but it could also be an employer if an employee’s private messages have been called into question.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 285-289