In order to use a two-way trust model the security administrator MUST implement which of the
following?

A.
DAC

B.
PKI

C.
HTTPS

D.
TPM

Explanation:
PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification
Authorities (CAs).
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed
to create, manage, distribute, use, store, and revoke digital certificates.
Incorrect Answers:
A: DAC cannot be used to setup trust models.
Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System
Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or
groups to which they belong. The controls are discretionary in the sense that a subject with a certain
access permission is capable of passing that permission (perhaps indirectly) on to any other subject
(unless restrained by mandatory access control)”.
C: HTTPS is just a protocol. You cannot use HTTPS to set up trust models.
HTTPS is a communications protocol for secure communication over a computer network, with especially
wide deployment on the Internet.
D: Trusted Platform Module (TPM) cannot be used to setup trust models.
A TPM can be used to assist with hash key generation. TPM is the name assigned to a chip that can store
cryptographic keys, passwords, or certificates. TPM can be used to protect smart phones and devices
other than PCs as well. It can also be used to generate values used with whole disk encryption such as
BitLocker.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 150, 151-152, 237, 274, 279-285, 290