Q1
An organization is building its own Public Key Infrastructure (PKI). The security architect has designed a two-tier hierarchy with an offline Root CA and an online Intermediate CA. The Intermediate CA will be responsible for signing certificates for all internal web servers. The diagram below shows the intended signing process. What is the most critical security measure for protecting the long-term integrity of this entire PKI? ```mermaid graph TD subgraph "Offline / Air-gapped" RootCA[Root CA Certificate & Private Key] end subgraph "Online Network" IntermediateCA[Intermediate CA Certificate & Private Key] WebServerCert[Web Server Certificate] end RootCA --"Signs"--> IntermediateCA IntermediateCA --"Signs"--> WebServerCert ```