CAS-002 · Question #296

CAS-002 Question #296: Real Exam Question with Answer & Explanation

The correct answer is C: Maintainability. Running a mixed PKI environment with both 1024-bit and 2048-bit certificates creates a long-term maintainability problem. Managing two incompatible certificate standards simultaneously introduces lifecycle complexity that compounds over time.

Question

A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer's MOST serious concern with implementing this solution?

Options

  • A. Succession planning
  • B. Performance
  • C. Maintainability
  • D. Availability

Explanation

Running a mixed PKI environment with both 1024-bit and 2048-bit certificates creates a long-term maintainability problem. Managing two incompatible certificate standards simultaneously introduces lifecycle complexity that compounds over time.

Common mistakes.

  • A. Succession planning relates to personnel continuity, not the technical complexity of managing a dual-certificate PKI environment.
  • B. Performance differences between 1024-bit and 2048-bit PKI operations are negligible for authentication purposes and are not the primary concern here.
  • D. Availability is not directly threatened by the certificate key-size transition, as both certificate types can still authenticate users during the transition period.

Concept tested. PKI certificate lifecycle and mixed-standard maintainability

Reference. https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
