Pete, an employee, is terminated from the company and the legal department needs documents from his
encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A.
Private hash

B.
Recovery agent

C.
Public key

D.
Key escrow

E.
CRL

Explanation:
B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent
to retrieve his decryption key. We can use this recovered key to access the data.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext
messages as needed. As opposed to escrow, recovery agents are typically used to access information that
is encrypted with older keys.
D: If a key need to be recovered for legal purposes the key escrow can be used.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of
key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as
it relates to home mortgages) and made available if that third party requests them. The third party in
question is generally the government, but it could also be an employer if an employee’s private messages
have been called into question.
Incorrect Answers:
A: Private hash is not used within the PKI framework.
C: A public key is publically known and would not have to be retrieved.
E: A CRL is a locally stored record containing revoked certificates and revoked keys. A CRL cannot be used
to recover lost keys.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 279-285, 285