CompTIA Security+ Question K-64

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow

Answer: D

Sensitive PKI data, such as private keys, can be placed in key escrow, and the escrowed data can be held by a trusted third party. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, which may want access to employees’ private communications, or governments, which may wish to be able to view the contents of encrypted communications.