nerdexam
EC-Council

312-50V11 · Question #381

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

The correct answer is C. The CA is the trusted root that issues certificates.. The root CA is the top-level trust anchor in a PKI hierarchy, responsible for issuing certificates and establishing the chain of trust for all subordinate entities.

Cryptography

Question

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options

  • AThe root CA is the recovery agent used to encrypt data when a user's certificate is lost.
  • BThe root CA stores the user's hash value for safekeeping.
  • CThe CA is the trusted root that issues certificates.
  • DThe root CA is used to encrypt email messages to prevent unintended disclosure of data.

How the community answered

(24 responses)
  • B
    8% (2)
  • C
    88% (21)
  • D
    4% (1)

Why each option

The root CA is the top-level trust anchor in a PKI hierarchy, responsible for issuing certificates and establishing the chain of trust for all subordinate entities.

AThe root CA is the recovery agent used to encrypt data when a user's certificate is lost.

A recovery agent is a distinct PKI role used for key escrow and private key recovery, entirely separate from the root CA's issuing function.

BThe root CA stores the user's hash value for safekeeping.

The root CA signs and issues X.509 certificates; storing user hash values is not a CA function and is unrelated to certificate authority operations.

CThe CA is the trusted root that issues certificates.Correct

The root CA is a self-signed certificate authority that sits at the apex of the PKI hierarchy. It issues certificates to intermediate CAs or directly to end entities, and all trust in the PKI chain ultimately flows from the root CA's trusted status. Operating systems and browsers ship with a built-in list of trusted root CAs precisely because they are the origin of all certificate trust.

DThe root CA is used to encrypt email messages to prevent unintended disclosure of data.

Email encryption relies on end-entity certificates such as those used in S/MIME; the root CA itself does not perform encryption of messages.

Concept tested: Root CA role and function in PKI hierarchy

Source: https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview

Topics

#PKI#root CA#certificate authority#digital certificates

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice