CompTIA CASP+ Practice Test

What process should be implemented to ensure financial transactions are secure despite weak encryption?

• A. Periodic key rotation
• B. Public Key Infrastructure
• C. Perfect Forward Secrecy (PFS)
• D. Encryption key escrow

The correct answer is: Perfect Forward Secrecy (PFS)

To ensure financial transactions remain secure even when encryption is weak, implementing Perfect Forward Secrecy (PFS) is particularly effective. PFS is a property of secure communication protocols in which the compromise of one session key does not compromise past session keys. This means that even if an attacker manages to break the encryption of a specific session, they cannot access previously secured sessions or the keys used in them. By employing PFS, every new session generates a unique session key using ephemeral (temporary) keys, meaning even if an encryption key has been weakened or compromised, earlier transactions maintain their confidentiality. This is especially vital in financial transactions, where the integrity and privacy of data are paramount. The other options, while important in their own contexts, do not offer the same level of protection against the issues presented by weak encryption. For instance, periodic key rotation can help maintain security by changing keys regularly, but it doesn’t protect past sessions if the encryption is weak at the time of transmission. Public Key Infrastructure is essential for managing digital certificates and ensuring secure communications, but it doesn’t address backward security directly. Encryption key escrow, while useful for recovering keys, introduces potential vulnerabilities and considerations around trust, and it does not inherently protect against the risks of weak encryption.