CompTIA Security Plus Mock Test Q1092

An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?

A. CSR
B. Recovery agent
C. Private key
D. CRL


Correct Answer: A
Section: Cryptography

Explanation:
In public key infrastructure (PKI) systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply
for a digital identity certificate.
When you renew a certificate you send a CSR to the CA to get the certificate resigned.

Incorrect Answers:
B: You cannot use a Recovery agent to renew a certificate.
A recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. A recovery is not affected when a user is terminated.
C: You cannot submit a private key to the CA.
A private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages.
D: A CRL cannot be submitted to a CA.
A CRL is a database of revoked keys and signatures.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 285
http://en.wikipedia.org/wiki/Certificate_signing_request