Which of the following is used to certify intermediate authorities in a large PKI deployment?
A. Root CA
B. Recovery agent
C. Root user
D. Key escrow
Correct Answer: A
The root CA certifies other certification authorities to publish and manage certificates within the organization.
In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information
provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all
levels of the hierarchical tree.
B: A recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. A recovery agent does not certify entities.
C: The root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. The root user does not certify entities.
D: Key escrow is not related to certifying authorities.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could
also be an employer if an employee’s private messages have been called into question.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 278-290