CompTIA Security Plus Mock Test Q451

Some customers have reported receiving an untrusted certificate warning when visiting the company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

A. The intermediate CA certificates were not installed on the server.
B. The certificate is not the correct type for a virtual server.
C. The encryption key used in the certificate is too short.
D. The client’s browser is trying to negotiate SSL instead of TLS.

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t.

Incorrect Answers:
B: Nowhere in the question is mention made of virtual servers.
C: An untrusted certificate warning is not indicative of too short encryption keys.
D: Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method of establishing a session, TLS is based on SSL and the browser would not issue an untrusted certificate warning.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 286