ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization is building an internal PKI to issue code-signing certificates used to validate software released to customers. To ensure that digital signatures remain legally non-repudiable, which key-management practice must be explicitly forbidden in the Certification Practice Statement?
Requiring developers to renew their code-signing certificates and corresponding key pairs every 12 months
Storing the offline root CA's private key in a tamper-evident safe with dual-control access
Generating each key pair inside a hardware security module certified to FIPS 140-2 Level 3
Escrowing private code-signing keys so a recovery agent can decrypt copies
Non-repudiation hinges on the signer being the only entity that ever possesses the private signing key. If the organization escrows or otherwise stores copies of private signature keys so that a recovery agent can access them, multiple parties could generate identical signatures, destroying the ability to prove who actually signed the code. Generating keys in certified HSMs, enforcing periodic key regeneration, and protecting the root CA's private key with dual control all strengthen security without undermining non-repudiation. Therefore, prohibiting escrow of private signing keys is essential.