A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
A. Key escrow
B. TPM presence
- **Key escrow:** This is important to ensure that encryption keys can be recovered in case they are lost or forgotten. It is a crucial consideration for Full Disk Encryption (FDE) to maintain access to data even if issues arise with the primary encryption keys.
- **TPM presence:** Trusted Platform Module (TPM) is a hardware-based security feature that can store encryption keys securely. Ensuring the presence of TPM on laptops enhances the security of FDE by protecting the encryption keys from being accessed or tampered with.
Therefore, the most important considerations for the security engineer are:
A. Key escrow
B. TPM presence
In the planning process, finding a safe place for the encryption key is the most important.
Key escrow is a software-based system, and TPM is a hardware-based system, where we can keep the encryption key for future decryption.
Other options are not relevant in the planning process of FDE.
AB for sure.
Here is why E is not one of them (AI-generated, but I agree with the answer):
Public key management is essential in many cryptographic processes, but it's not as directly relevant to Full Disk Encryption (FDE) for the following reasons:
FDE primarily uses symmetric encryption: Most FDE solutions rely on symmetric encryption, where the same key is used to both encrypt and decrypt the data. This differs from public key infrastructure (PKI), which involves asymmetric encryption, where a public key encrypts and a private key decrypts. While PKI is critical in other areas (like securing communications, emails, or verifying identities), it's not central to how FDE typically functions.
Public key management is more relevant for data in transit: PKI and public key management are often used for securing data in transit (e.g., SSL/TLS for web traffic) or ensuring non-repudiation (via digital signatures). FDE is focused on securing data at rest, where symmetric keys (often stored in TPM) are used for encryption, not public/private key pairs.
In this scenario, A. Key escrow and B. TPM presence are the most important considerations for implementing Full Disk Encryption (FDE) on laptops. These elements ensure that encryption keys are securely managed and stored, providing both data security and recoverability in case of lost keys, and that hardware-based security is used to protect against unauthorized access.
Key escrow is a method of storing encryption keys in a secure location, such as a trusted third party
or a hardware security module (HSM). Key escrow is important for FDE because it allows the recovery
of encrypted data in case of lost or forgotten passwords, device theft, or hardware failure. Key
escrow also enables authorized access to encrypted data for legal or forensic purposes.
TPM presence is a feature of some laptops that have a dedicated chip for storing encryption keys and
other security information. TPM presence is important for FDE because it enhances the security and
This one is tough because public key management is fundamental to full disk encryption.
That being said, key escrow is arguably more important for the following reasons.
Public keys are used to encrypt the data and the PRIVATE key is used to decrypt the data.
Once the data is encrypted, I would argue who holds the keys (another department or another 3rd party) is more important than establishing the encryption (because that's kind of the easy part). TPM presence is even more fundamental to FDE than the public key is because without it, you can't even consider FDE. Those are my thoughts, going with AB for now. Please share your thoughts. If I didn't pick AB, I'd go BE.
upvoted 2 times
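An added example, not written by any poster in this thread, modelling the point made in the discussion above that FDE protects the disk with a symmetric key and that key escrow keeps that key recoverable: one volume key is wrapped in two slots, one under the user's passphrase and one under a recovery key held in escrow. The function names, the `ESCROW` store and the asset tag are assumptions, and the HMAC-based wrap is a standard-library stand-in for a real key-wrap cipher; TPM sealing is not modelled.

```python
import hashlib, hmac, os
from typing import Optional

def _kek(secret: bytes, salt: bytes) -> bytes:
    # Key-encryption key derived from a passphrase or recovery key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def wrap(secret: bytes, volume_key: bytes) -> dict:
    # Toy wrap (assumption: stands in for a real key-wrap cipher):
    # XOR the 32-byte key with an HMAC-derived pad, then authenticate it.
    salt = os.urandom(16)
    kek = _kek(secret, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}

def unwrap(secret: bytes, slot: dict) -> Optional[bytes]:
    kek = _kek(secret, slot["salt"])
    tag = hmac.new(kek, b"tag" + slot["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None  # wrong secret for this slot
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["blob"], pad))

ESCROW = {}  # hypothetical escrow store: asset tag -> recovery key

def enroll(asset_tag: str, passphrase: bytes):
    volume_key = os.urandom(32)    # symmetric key that encrypts the disk
    recovery_key = os.urandom(32)  # random recovery secret, kept off the laptop
    header = {"user": wrap(passphrase, volume_key),
              "recovery": wrap(recovery_key, volume_key)}
    ESCROW[asset_tag] = recovery_key
    return volume_key, header

def unlock(header: dict, secret: bytes) -> Optional[bytes]:
    # Try every key slot; any one valid secret releases the volume key.
    for slot in header.values():
        volume_key = unwrap(secret, slot)
        if volume_key is not None:
            return volume_key
    return None

if __name__ == "__main__":
    vk, hdr = enroll("LT-0001", b"constructed passphrase")  # constructed values
    print(unlock(hdr, b"forgotten") is None)        # passphrase lost
    print(unlock(hdr, ESCROW["LT-0001"]) == vk)      # escrow recovers access
```

Without the escrowed slot, a forgotten passphrase would leave the volume key, and therefore the disk, unrecoverable.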
...
Etc_Shadow28000 (Highly Voted, 10 months, 2 weeks ago)
9149f41 (Most Recent, 2 months, 3 weeks ago)
3dk1 (6 months, 1 week ago)
dbrowndiver (8 months, 3 weeks ago)
Shaman73 (10 months, 3 weeks ago)
shady23 (11 months, 2 weeks ago)
shady23 (11 months, 2 weeks ago)
Fazliddin4515 (11 months, 2 weeks ago)
Yoez (11 months, 2 weeks ago)
e5c1bb5 (11 months, 3 weeks ago)