CompTIA Security Plus Mock Test Q1073

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority


Correct Answer: A
Section: Cryptography

Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

Incorrect Answers:
B: Key escrow is not related to issuing certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could
also be an employer if an employee’s private messages have been called into question.
C: A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. A CRL is not used to issue certificates.
D: A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and
validate identities. However, the RA doesn’t issue certificates; that responsibility remains with the CA.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 278-290