SY0-501 Question #267: Real Exam Question with Answer & Explanation
The correct answer is B: Intermediate authority. The certificate upload was rejected because the firewall administrator failed to include the intermediate authority certificate, which is a required component for completing the certificate trust chain between the end-entity certificate and the root CA.
Question
The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain?
Options
- A. Certificate revocation list
- B. Intermediate authority
- C. Recovery agent
- D. Root of trust
Explanation
The certificate upload was rejected because the firewall administrator failed to include the intermediate authority certificate, which is a required component for completing the certificate trust chain between the end-entity certificate and the root CA.
Common mistakes.
- A. A Certificate Revocation List (CRL) is used to check the revocation status of a certificate, not to build the trust path of the certificate chain itself.
- C. A recovery agent is a specific role, often used in scenarios like Encrypting File System (EFS) for key recovery, and is unrelated to completing a certificate trust chain.
- D. The root of trust is typically the root CA certificate, which the question states was already included in the uploaded file, indicating the issue is with the incomplete path leading to it.
Concept tested. Certificate chain building and validation components
Reference. https://learn.microsoft.com/en-us/windows/win32/seccrypto/certificate-chains#chain_building