The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
Every employee will have a digital certificate. That means every one of them will have a private key stored on their device.
The private keys will be stored in the TPM of the users' devices.
PKI is a framework and irrelevant to storing the keys.
Not D - PKI is the overall framework for managing keys and certificates, but it does not specify or implement the storage mechanism for private keys itself.
Trusted Platform Module (TPM): A TPM is a hardware-based security module that is typically embedded on the motherboard of a computer system. It provides secure storage for cryptographic keys and other sensitive data. TPMs are designed to be tamper-resistant and can be used to protect against various attacks, including cold boot attacks and physical tampering.
A Trusted Platform Module (TPM) is a dedicated hardware chip designed to securely store cryptographic keys, including private keys. It provides hardware-based security by protecting the keys from unauthorized access and tampering. TPMs are widely recognized as one of the most secure options for storing private keys, especially within an internal certification authority (CA) environment, where the security of private keys is critical.
For key storage it's pretty much always going to be a TPM or HSM.
I'm going to go with A, as I think a physically secure storage device is just another name for an HSM.
B - from CISSP Official Study Guide (Sybex) - Trusted Platform Module Modern computers often include a specialized cryptographic component known as a Trusted Platform Module (TPM). The TPM is a chip that resides on the motherboard of the device. The TPM serves a number of purposes, including the storage and management of keys used for full-disk encryption (FDE) solutions. The TPM provides the operating system with access to the keys only if the user successfully authenticates. This prevents someone from removing the drive from one device and inserting it into another device to access the drive's data.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (Sybex Study Guide) (p. 286). Wiley. Kindle Edition.
The best answer is B. Trusted Platform Module (TPM) because TPMs provide hardware-based security that is more resilient to external software attacks than software-based encryption solutions. They are designed to protect and store cryptographic keys securely within the hardware, making it a suitable option for securing the private keys of a certification authority.
B is the correct answer!
A Trusted Platform Module (TPM) is a specialized chip on a laptop or desktop computer that is designed to secure hardware with integrated cryptographic keys. A TPM helps prove a user's identity and authenticates their device.
In this case, the employees each own a TPM-compliant device.
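As an added example (not from the page or any commenter), the following PowerShell shows what "the private key lives in the TPM of the employee's device" looks like in practice on Windows: the key is generated by the Microsoft Platform Crypto Provider (the TPM key storage provider), marked non-exportable, and the script then verifies that the private material cannot leave the chip. It assumes Windows 10/11 with an enabled TPM 2.0 and uses a self-signed certificate and a constructed subject name purely to demonstrate key placement; in a real deployment the same key would back a request to the internal CA.

```powershell
# Added example, not code from the page. Assumes an enabled TPM 2.0 on Windows.
# 1. Generate an RSA key inside the TPM and bind it to a certificate.
#    "Microsoft Platform Crypto Provider" is the TPM-backed KSP; NonExportable
#    tells it never to release the private key to software.
$cert = New-SelfSignedCertificate `
    -Subject "CN=employee01, O=Example Corp" `   # constructed sample subject
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy NonExportable `
    -Provider "Microsoft Platform Crypto Provider" `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Inspect the key handle the OS holds: it is a CngKey reference, not key bytes.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$key = $rsa.Key   # RSACng exposes the underlying CngKey

"Thumbprint    : $($cert.Thumbprint)"
"Provider      : $($key.Provider.Provider)"
"Export policy : $($key.ExportPolicy)"

if ($key.Provider.Provider -ne "Microsoft Platform Crypto Provider") {
    throw "Key is not TPM-backed; check that the TPM is present and ready"
}
if ($key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None) {
    throw "Key is exportable; this defeats the purpose of TPM storage"
}

# 3. Signing works (the TPM performs the operation), but exporting the private
#    key as a PFX must fail: the TPM never hands the private material to software.
$sig = $rsa.SignData([Text.Encoding]::UTF8.GetBytes("hello"),
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
"Signature length: $($sig.Length) bytes (expected 256 for RSA-2048)"

try {
    $null = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, "pw")
    throw "Unexpected: PFX export with private key succeeded"
} catch [System.Security.Cryptography.CryptographicException] {
    "PFX export refused as expected: $($_.Exception.Message)"
}
```

The same non-exportability check is a useful audit step: any employee certificate whose key provider is a software KSP, or whose export policy is not None, was not enrolled the way the design intends.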
Community vote distribution: A (35%), C (25%), B (20%), Other