CompTIA Security Plus Mock Test Q1094

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location.
B. The recorded time offsets are developed with symmetric keys.
C. A malicious CA certificate is loaded on all the clients.
D. All public keys are accessed by an unauthorized user.


Correct Answer: C
Section: Cryptography

Explanation:
A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. A rogue CA certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be signed by one of the root CAs that browsers trust by default.
A rogue Certification Authority (CA) certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites.

Incorrect Answers:
A: The CRL should be readily accessible. It should be posted in a publicly accessible location.
A CRL is a database of revoked keys and signatures.
B: Incorrect time offsets are much less of a security threat compared to a rogue Certification Authority certificate.
D: Public keys are public and can be accessed by anyone.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285
http://www.webopedia.com/TERM/R/rogue_certification_authority_certificate.html