Exam CAS-004 topic 1 question 201 discussion

This is a repeat question to #178

KEY ROTATION - Purposely changing keys on a periodic basis to mitigate issues associated with brute force attacks or unidentified key breach incidents. Previous key must be revoked as part of the rotation process.

A. it is same question with different choises as Q178

This is not "Key rotation" , "Key rotation" because refers to the practice of periodically replacing an old cryptographic key with a new one at a planned interval, The right answer is Zeroization which is used in cryptography to prevent sensitive parameters from being disclosed if the equipment is captured. It's also used to automatically erase or destroy data when a system transitions to a state where an adversary might have access to the data.

Key rotation is a security practice that involves periodically replacing cryptographic keys with new ones to enhance the security of a system. This process is crucial for managing cryptographic materials used for encryption, decryption, digital signatures, and other security-related operations. Key rotation helps mitigate the risk associated with long-term exposure of cryptographic keys and limits the potential impact of a compromised key.

Key rotation. The question is how to protect the data that has an exposed key. Obviously, zeriozation is non-applicable. Cryptographic obfuscation is also not applicable. The data is already encrypted i.e. cryptographically obfuscated. A key rotation would re-encrypt the data on the website with new keys, protecting it and preventing the use of the old keys. Repeat of 178 https://cpl.thalesgroup.com/blog/data-protection/encryption-key-rotation-data-security

I feel the answer is A here. Key Rotation allows you to actually revoke a key and use a new one. Key escrow simply holds the key/keys for you. This really doesn't help you with revoking a key, which needs to be done since your encryption is compromised, as the question illustrates.

I'll go with A, Key Rotation is most effective in protecting data. Key Escrow in simple terms is if you loose an encryption key, the CA will give you a key to decrypt stuff.