How long will the master key typically remain valid in a session?

• A. Until revoked
• B. Duration of the session
• C. One hour after creation
• D. Indefinitely until server restart

Answer: (B)

The master key typically remains valid for the duration of the session. This means that as long as the session is active and ongoing, the master key can be used for various encryption and decryption processes related to that session. Once the session ends, the master key will usually no longer be valid or usable, ensuring that any keys associated with that session are terminated for security purposes. This approach minimizes the risk of unauthorized access or data breaches that could occur if keys were to remain active beyond their intended use.

While other options suggest that the key could remain valid until revoked or indefinitely until a server restart, these scenarios would not adhere to standard security practices. A master key should be limited to the context of its respective session to enhance security and limit potential vulnerabilities. The one-hour lifespan option does not align with the session-based validity, as the length of validity is closely tied to session activity rather than a fixed time frame.