What is required regarding retirement or replacement of keys when compromise is suspected?


Multiple Choice

What is required regarding retirement or replacement of keys when compromise is suspected?

Explanation:
When there is any suspicion that cryptographic keys may have been compromised, you must retire or replace the affected key and securely archive the retired key material. This protects data and systems because a compromised key could allow an attacker to decrypt sensitive information or forge signatures. Replacing the key creates new cryptographic material that is not accessible to the threat, and retiring the old key prevents it from being used again. Secure archival of retired keys is important for audits and forensic investigations, providing a trail of what happened and how the keys were managed.

Why the other actions are not appropriate: reusing the compromised key keeps the door open for unauthorized access; deleting references to the key while continuing to use it leaves production in a risky state and undermines protection; publicly disclosing compromised keys is a separate communication step and does not itself stop misuse or prevent data exposure in the meantime.

