Certified Ethical Hacker (CEH v12) — Question 297

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory.

What is this mechanism called in cryptography?

Answer options

• A. Key archival
• B. Certificate rollover
• C. Key escrow
• D. Key renewal

Correct answer: C

Explanation

The correct answer is 'Key escrow' because it refers to a method where cryptographic keys are stored securely and can be retrieved by authorized entities when necessary. 'Key archival' typically relates to storing keys for backup purposes but does not imply retrieval mechanisms like escrow. 'Certificate rollover' pertains to updating certificates rather than key recovery, and 'Key renewal' involves reissuing keys rather than storing them for later access.