A company’s security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security
administrator should take?

A.
Install a registration server.

B.
Generate shared public and private keys.

C.
Install a CA

D.
Establish a key escrow policy.

Explanation:
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital
certificates. When you implement a PKI you should start by installing a CA.
Incorrect Answers:
A: When you implement a PKI you are not required to install a registration server. You can rely on a public registration authority server.
B: To generate shared public and private keys you would need a CA.
D: A key escrow policy is not required for a PKI.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are
held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is
generally the government, but it could also be an employer if an employee’s private messages have been called into question.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 278-290