nerdexam
CompTIA

SY0-301 · Question #586

A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

The correct answer is C. Install a CA. A Public Key Infrastructure (PKI) is built on a Certificate Authority (CA), which is the trusted entity that issues, signs, and manages digital certificates. Without a CA, no other PKI component can function. Therefore, installing a CA (Option C) must be the first step. Option A

Security architecture

Question

A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

Options

  • AInstall a registration server.
  • BGenerate shared public and private keys.
  • CInstall a CA
  • DEstablish a key escrow policy.

How the community answered

(46 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    93% (43)

Explanation

A Public Key Infrastructure (PKI) is built on a Certificate Authority (CA), which is the trusted entity that issues, signs, and manages digital certificates. Without a CA, no other PKI component can function. Therefore, installing a CA (Option C) must be the first step. Option A (Install a registration server) - the Registration Authority (RA) is used to verify certificate requests before they go to the CA, but it depends on the CA already existing. Option B (Generate shared public and private keys) is incorrect because key pairs are generated as part of the certificate request process after the CA is established. Option D (Establish a key escrow policy) is a governance step that can be planned concurrently or afterward, but technically the CA infrastructure comes first.

Topics

#PKI#certificate authority#public key infrastructure#digital certificates

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice