CompTIA Security+ (SY0-501) — Question 806

A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?`

Answer options

• A. HSM
• B. CA
• C. SSH
• D. SSL

Correct answer: A

Explanation

The best solution for the CIO is to implement a Hardware Security Module (HSM), as it provides a secure environment for key management and limits access. Certificate Authorities (CA), SSH, and SSL do not specifically focus on the secure storage and management of encryption keys, making them less suitable for the CIO's needs.