Pete, an employee, is terminated from the company and the legal department needs documents from his
encrypted hard drive. Which of the following should be used to accomplish this task? (Choose two.)
B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to
retrieve his decryption key. We can use this recovered key to access the data.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages
as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted
with older keys.
D: If a key need to be recovered for legal purposes the key escrow can be used.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key
escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to
home mortgages) and made available if that third party requests them. The third party in question is generally
the government, but it could also be an employer if an employee’s private messages have been called into