An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?
A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system
Explanation:
A Hardware Security Module (HSM) is a hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can store cryptographic keys, passwords, or certificates.
Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. Moving it to removable media would not improve its security, as the removable media would need to be attached to the web proxy if the SSL/TLS private keys are to be used effectively.
D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. However, simply installing it on the file system does not improve its security.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,