SY0-501 Question #143: Real Exam Question with Answer & Explanation

The correct answer is A: Use certificates signed by the company CA. To comply with a policy mandating HTTPS for all internal websites without additional costs, leveraging an existing internal company Certificate Authority (CA) is the most effective solution.

Submitted by tarun92 · Mar 4, 2026

Question

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Options

  • A. Use certificates signed by the company CA
  • B. Use a signing certificate as a wildcard certificate
  • C. Use certificates signed by a public CA
  • D. Use a self-signed certificate on each internal server

Explanation

To comply with a policy mandating HTTPS for all internal websites without additional costs, leveraging an existing internal company Certificate Authority (CA) is the most effective solution.

Common mistakes.

  • B. Using a wildcard certificate is a method for simplifying certificate management across multiple subdomains, but it does not inherently address the cost constraint nor specify the type of CA needed to establish trusted internal certificates without additional expense.
  • C. Certificates signed by a public CA would incur significant recurring costs for acquisition and renewal, directly violating the requirement to update the sites without incurring additional costs.
  • D. Self-signed certificates require manual trust configuration on every client and generate security warnings, making them impractical, unscalable, and not a user-friendly solution for a company-wide security policy.

Concept tested. Internal PKI and Certificate Management for Web Servers

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview
