PrepAway - Latest Free Exam Questions & Answers

Which command should you run?

You have a computer that runs Windows 7.
The Encrypting File System (EFS) key is compromised.
You need to create a new EFS key.
Which command should you run?

PrepAway - Latest Free Exam Questions & Answers

A.
Certutil -GetKey

B.
Cipher.exe /k

C.
Lcacls.exe /r

D.
Syskey.exe

Explanation:
10189 20191
Cipher
Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher
displays the encryption state of the current folderand any files it contains.
Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to
view the encryption status of files and folders from a command prompt. The updated version adds another
security option. This new option is the ability to overwrite data that you have deleted so that it cannot be
recovered and accessed.
When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the
disk that was occupied by the deleted data is “deallocated.” After it is deallocated, the space is available for use
when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by
using a low-level disk editor or data-recovery software.
If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of
the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is
complete, the backup copy is deleted. As with otherdeleted files, the data is not completely removed until it has
been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such
data.
/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other optionswill be
ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC is specified, a
self-signed certificate will be created with the supplied key size.
/R Generates an EFS recovery key and certificate, then writes them to a .pfx file (containing certificate and
private key) and a .cer file (containing only the certificate). An administrator may add the contents of the .cer to
the EFS recovery policy to create the recovery for users, and import the .pfx to recover individual files. If
SmartCard is specified, then writes the recovery key and certificate to a smart card. A .cer file is generated
(containing only the certificate). No .pfx file is genereated. By default, /R creates an 2048-bit RSA recovery key
and certificate. If EECC is specified, it must be followed by a key size of 356, 384, or 521.


Leave a Reply