Based on the exhibit, which key management improvement best preserves recoverability if the primary backup server is lost?
The private key must be protected separately from the primary backup server so the encrypted AES key can still be recovered if the server is lost. An HSM or secure escrow improves key protection while preserving recoverability, especially when paired with tested restoration procedures and restricted access controls.
Why this answer
Option C is correct because storing the private key in a Hardware Security Module (HSM) or secure escrow ensures it remains available even if the primary backup server is lost. HSMs provide tamper-resistant key storage and support tested recovery procedures, which is critical for decrypting backups and maintaining recoverability. This approach separates the key from the backup data, preventing a single point of failure.
Exam trap
The trap here is that candidates may assume storing the key with the backup data (Option A) is efficient, but they overlook that it destroys recoverability when the server is lost, which is the exact failure scenario the question describes.
How to eliminate wrong answers
Option A is wrong because storing the private key on the same backup server creates a single point of failure; if the server is lost, both the backup data and the key are gone, making recovery impossible.
Option B is wrong because hashing is a one-way function that cannot be reversed to recover original data, so replacing AES with hashing would make the archive permanently unreadable and unrecoverable.
Option D is wrong because sending the private key by email exposes it to interception, violates security best practices (e.g., NIST SP 800-57), and does not guarantee tested, reliable recovery procedures.