nerdexam
(ISC)2

CISSP-ISSAP · Question #137

Which of the following is responsible for maintaining certificates in a public key infrastructure (PKI)?

The correct answer is C. Certification Authority. A Certification Authority (CA) is the trusted entity in a PKI responsible for issuing, signing, revoking, and maintaining digital certificates - it acts as the "notary" that vouches for public key ownership. A Domain Controller (A) manages authentication and directory services in

Identity and Access Management (IAM) Architecture

Question

Which of the following is responsible for maintaining certificates in a public key infrastructure (PKI)?

Options

  • ADomain Controller
  • BCertificate User
  • CCertification Authority
  • DInternet Authentication Server

How the community answered

(48 responses)
  • A
    8% (4)
  • B
    2% (1)
  • C
    88% (42)
  • D
    2% (1)

Explanation

A Certification Authority (CA) is the trusted entity in a PKI responsible for issuing, signing, revoking, and maintaining digital certificates - it acts as the "notary" that vouches for public key ownership. A Domain Controller (A) manages authentication and directory services in Windows networks but does not issue or manage certificates. A Certificate User (B) is simply the end entity that receives and uses a certificate, not the one that maintains them. An Internet Authentication Server (D) handles network access authentication (like RADIUS) and is unrelated to certificate lifecycle management.

Memory tip: Think of the CA as a Certificate Authority = Certificate Administrator - it's the only one with the authority and responsibility to administer the full certificate lifecycle in a PKI.

Topics

#Certification Authority#PKI Certificates#Certificate Management#X.509

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice