CompTIA Security+ Question K-2

Peter, an employee, needs a certificate to encrypt data. Which of the following would issue Peter a certificate?

A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority

Answer: A

Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

CompTIA Security+ Question G-38

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location.
B. The recorded time offsets are developed with symmetric keys.
C. A malicious CA certificate is loaded on all the clients.
D. All public keys are accessed by an unauthorized user.

Answer: C

Explanation:
A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. A rogue CA certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be signed by one of the root CAs that browsers trust by default. A rogue Certification Authority (CA) certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites.

CompTIA Security+ Question E-66

Which of the following types of trust models is used by a PKI?

A. Transitive
B. Open source
C. Decentralized
D. Centralized

Answer: D

Explanation:
PKI uses a centralized trust model. In a simple PKI there is a single centralized certification authority (CA). In a hierarchical trust model the root CA is the center of the model, with subordinate CAs lower in the hierarchy. Note: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. A trust model is a collection of rules that informs applications on how to decide the legitimacy of a digital certificate.