An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of
the following describes how this private key should be stored so that it is protected from theft?

A.
Implement full disk encryption

B.
Store on encrypted removable media

C.
Utilize a hardware security module

D.
Store on web proxy file system

Explanation:
Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction
with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and
can cryptographic keys, passwords, or certificates.
Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device
cannot be accessed in a useable form should the device be stolen.
B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests.
Moving it to removable media would not improve its security as the removable media would need to be
attacked to the web proxy if the SSL/TLS private keys are to be used effectively.
D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests.
However, simply installing it on the file system does not improve it’s security.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237