Which of the following is the MOST secure method for storing encryption keys in an enterprise environment?
Using a key escrow system
In a hardware security module (HSM)
In an encrypted database
Embedded in application code
The correct answer is In a hardware security module (HSM). A Hardware Security Module (HSM) is specifically designed for secure key management and cryptographic operations. HSMs provide physical and logical protection for cryptographic keys, tamper evidence/resistance, and often FIPS 140-2 certification.
Embedded in application code is incorrect because it's highly insecure as it exposes keys to anyone with access to the code.
In an encrypted database is incorrect because while this can be relatively secure, it depends on how the database encryption key is protected, creating potential circular dependencies.
Using a key escrow system is incorrect because key escrow systems focus on key recovery rather than secure storage and introduce additional security considerations regarding the escrow agent.
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
All IT & Cybersecurity Package plans include the following perks and exams .
Our pricing is simple. Full access to all certifications and exams in each package, for one price.
As many practice tests for as many topics as you want.
Use study mode non-stop, no limits.
Access to our AI assistant, Bash, trained to help you pass your exam.
Track your scores over time in study mode and report cards.
See how you improve over time, and where you need to focus.
Access our store with even bigger discounts than before.
Unlimited access to all performance questions and be prepared for the real thing.
All IT & Cybersecurity Package plans include unlimited access to the following study materials.
Create an account or sign in to access our study materials.