The correct answer is B.
OBJ-3.7: The CTO conducted improper key handling by not encrypting the key on the memory card and not storing the memory card in a locked drawer or safe. Improper key handling occurs when private keys and symmetric keys are improperly protected or stored. Improper key handling can lead to data breaches, so any keys identified as having been improperly handled should be revoked and replaced. Key rotation is the process of purposely changing keys periodically to mitigate against brute force attacks and key disclosure compromises. During key rotation, the previous key is also revoked and invalidated. Rekeying is the process of changing an individual key during a communication session. Most communication protocols use session key rekeying to protect the data being transmitted. A rekeying is normally triggered based on the volume of data communicated or the amount of time since the last rekeying. A mismatched key error occurs is the wrong public/private key pair is used to decrypt data. The most common forms of this error are displayed as “key mismatch” or “X509_check_private_key”.