CompTIA Security+ (SY0-601) — Question 413

A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Answer options

• A. DLP
• B. HSM
• C. CA
• D. FIM

Correct answer: B

Explanation

The correct answer is B, HSM (Hardware Security Module), which is specifically designed to securely manage and protect encryption keys and is tamper-resistant. DLP (Data Loss Prevention), CA (Certificate Authority), and FIM (File Integrity Monitoring) do not provide the same level of physical security and tamper resistance for encryption key management.