CompTIA Security Plus Mock Test Q1068

A certificate authority takes which of the following actions in PKI?

A. Signs and verifies all infrastructure messages
B. Issues and signs all private keys
C. Publishes key escrow lists to CRLs
D. Issues and signs all root certificates

Correct Answer: D
Section: Cryptography

A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is part of a public key infrastructure (PKI) scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).
Note: In cryptography and computer security, a root certificate is an unsigned public key certificate (also called a self-signed certificate) that identifies the Root Certificate Authority (CA).

Incorrect Answers:
A: A CA does not sign or verify infrastructure messages.
B: The CA issues and signs public keys, not private keys.
In cryptography, a PKI (public key infrastructure) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The primary role of the CA is to digitally sign and publish the public key bound to a given user.
C: A CA would not publish key escrow lists.
Key escrow is the process of storing keys or certificates for use by law enforcement.
Law enforcement has the right, under subpoena, to conduct investigations using these keys.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 278-290