Certified Information Systems Security Professional (CISSP) — Question 375
The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
Answer options
- A. Physically secured storage device
- B. Trusted Platform Module (TPM)
- C. Encrypted flash drive
- D. Public key infrastructure (PKI)
Correct answer: B
Explanation
The Trusted Platform Module (TPM) is specifically designed to securely store cryptographic keys, making it the best choice for private key storage due to its hardware-based security features. Other options like an encrypted flash drive or physically secured storage devices do not offer the same level of security and integrity against tampering as a TPM. Public key infrastructure (PKI) refers to the framework for managing digital certificates, not a storage solution for private keys.