Which is a valid requirement for secure crypto key storage?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the PCI DSS Test with detailed questions and explanations. Use flashcards and quizzes to enhance knowledge. Ensure you're ready for your certification exam!

Multiple Choice

Which is a valid requirement for secure crypto key storage?

Explanation:
Protect cryptographic keys by keeping them secure and separate from the data they protect. Using a secure key store (such as a hardware security module or a dedicated key management service) with strong access controls, rotation, and auditing is the right approach. This setup supports envelope encryption, where data is encrypted with a data key and that data key is itself encrypted with a master key stored securely. If ciphertext is stolen, the data remains protected without the corresponding keys. Storing keys in plaintext on servers is risky because anyone who gains access to those servers could decrypt the data. Distributing keys to all developers increases the chance of leakage and violates least-privilege principles. Storing keys in public cloud storage is inappropriate unless that storage is tightly protected with proper controls, which is not the standard or most secure practice.

Protect cryptographic keys by keeping them secure and separate from the data they protect. Using a secure key store (such as a hardware security module or a dedicated key management service) with strong access controls, rotation, and auditing is the right approach. This setup supports envelope encryption, where data is encrypted with a data key and that data key is itself encrypted with a master key stored securely. If ciphertext is stolen, the data remains protected without the corresponding keys.

Storing keys in plaintext on servers is risky because anyone who gains access to those servers could decrypt the data. Distributing keys to all developers increases the chance of leakage and violates least-privilege principles. Storing keys in public cloud storage is inappropriate unless that storage is tightly protected with proper controls, which is not the standard or most secure practice.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy