SY0-301 · Question #186
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
The correct answer is A. Trust Model. A PKI trust model defines how certificate authorities in different PKI hierarchies establish mutual trust, enabling entities in separate PKIs to validate each other's certificates.
Question
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
Options
- ATrust Model
- BRecovery Agent
- CPublic Key
- DPrivate Key
How the community answered
(50 responses)- A94% (47)
- C2% (1)
- D4% (2)
Why each option
A PKI trust model defines how certificate authorities in different PKI hierarchies establish mutual trust, enabling entities in separate PKIs to validate each other's certificates.
Trust models such as cross-certification and bridge CA architectures allow distinct PKI hierarchies to recognize and validate certificates issued by each other's CAs. This mechanism enables lower-level domains or separate organizations to access resources protected by a different PKI without requiring a single shared root.
A recovery agent is a designated entity authorized to decrypt data when a user's private key is lost; it has no role in establishing cross-PKI trust.
A public key is a cryptographic artifact used for encryption and signature verification within an established trust relationship, not the mechanism that creates that trust between PKIs.
A private key is kept secret by its owner for decryption and signing operations; it plays no role in configuring inter-PKI trust relationships.
Concept tested: PKI cross-certification and trust model
Source: https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/certificate-trust
Topics
Community Discussion
No community discussion yet for this question.