nerdexam
ExamsSY0-301Questions#48
CompTIA

SY0-301 · Question #48

SY0-301 Question #48: Real Exam Question with Answer & Explanation

The correct answer is A: Root CA. In a PKI hierarchy, the root CA sits at the top of the trust chain and uses its self-signed certificate to sign and thereby certify the certificates of intermediate or subordinate CAs.

Question

Which of the following is used to certify intermediate authorities in a large PKI deployment?

Options

  • ARoot CA
  • BRecovery agent
  • CRoot user
  • DKey escrow

Explanation

In a PKI hierarchy, the root CA sits at the top of the trust chain and uses its self-signed certificate to sign and thereby certify the certificates of intermediate or subordinate CAs.

Common mistakes.

  • B. A recovery agent is an entity authorized to decrypt data encrypted by other users for recovery purposes and has no role in certifying CA hierarchy members.
  • C. Root user is an operating system account with administrative privileges and is not a PKI component involved in certificate signing.
  • D. Key escrow is a mechanism for storing copies of encryption keys with a trusted third party for recovery and is unrelated to certifying intermediate authorities.

Concept tested. PKI hierarchy and root CA signing intermediate CAs

Reference. https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/server-certificate-deployment-overview

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice