CompTIA CASP+ (CAS-004) — Question 309
An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?
Answer options
- A. Use over-the-air updates to replace the private key.
- B. Manufacture a new IoT device with a redesigned SoC.
- C. Replace the public portion of the IoT key on its servers.
- D. Release a patch for the SoC software.
Correct answer: B
Explanation
If the private key is compromised and stored in a write-once read-many section, the only secure solution is to manufacture a new IoT device with a redesigned SoC (B). Over-the-air updates (A) would not be effective since the compromised key cannot be changed. Replacing the public key (C) does not resolve the issue of the compromised private key, and releasing a patch (D) does not address the core problem of the private key's security.