🔥 3-day streak
CompTIA SecurityX (CAS-005)45 / 120
Question 45 of 120

A security engineer is designing a mobile field-inspection application that must store a per-device private key used to sign inspection records. The organization requires that the private key never be exportable, that key operations be gated by biometric user presence, and that the backend be able to cryptographically verify the key was generated and is stored inside the device's hardware security module rather than in software. Which approach best satisfies all of these requirements?

Reviewed for accuracy · Report an issueNext question