SY0-501 Question #108: Real Exam Question with Answer & Explanation

Question

Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Winch of the following should be used to sign the users' certificates?

Options

• ARA
• BCA
• CCRL
• DCSR

Explanation

To enable non-repudiation for email communications, user certificates must be digitally signed, which is the primary function of a Certificate Authority.

Common mistakes.

• A. A Registration Authority (RA) primarily handles identity verification and processing certificate requests on behalf of a CA, but it does not have the authority to sign or issue certificates itself.
• C. A Certificate Revocation List (CRL) is a list published by a CA that contains certificates that have been revoked, used for checking certificate validity rather than signing new ones.
• D. A Certificate Signing Request (CSR) is a request submitted to a CA for a digital certificate, containing the public key and other identifying information, and is processed by the CA, not an entity that performs signing.

Concept tested. Certificate Authority role in PKI for non-repudiation

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/adcs-what-is-a-certification-authority

No community discussion yet for this question.