CompTIA CASP+ (CAS-004) — Question 376

Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal management overhead?

Answer options

• A. Key escrow service
• B. Secrets management
• C. Encrypted database
• D. Hardware security module

Correct answer: D

Explanation

A Hardware Security Module (HSM) is specifically designed to securely manage and store cryptographic keys and sensitive data, making it the best option for backing up MFA seeds. Other options, like a key escrow service or secrets management, may not provide the same level of security or may require more management overhead. An encrypted database, while secure, does not provide the specialized hardware support that an HSM does.