SY0-701 · Question #564
SY0-701 Question #564: Real Exam Question with Answer & Explanation
The correct answer is D: Self-signed. A self-signed certificate is issued and signed by the same entity that uses it, rather than by a trusted Certificate Authority (CA) - so browsers and operating systems have no way to verify its legitimacy and display an "insecure" warning. This is common on internal sites where a
Question
When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?
Options
- AWildcard
- BRoot of trust
- CThird-party
- DSelf-signed
Explanation
A self-signed certificate is issued and signed by the same entity that uses it, rather than by a trusted Certificate Authority (CA) - so browsers and operating systems have no way to verify its legitimacy and display an "insecure" warning. This is common on internal sites where admins create their own certificates to avoid cost or complexity.
Why the distractors are wrong:
- A. Wildcard - A wildcard cert (e.g.,
*.company.com) covers multiple subdomains but is issued by a trusted CA, so it wouldn't trigger an insecure warning. - B. Root of trust - This refers to the foundational CA certificate that browsers inherently trust; it wouldn't cause a warning.
- C. Third-party - A third-party cert is issued by a recognized CA (like DigiCert or Let's Encrypt), which browsers already trust, so no warning appears.
Memory tip: Think "self-signed = self-vouching" - just like you can't be your own character reference in a job application, a certificate that vouches for itself isn't trusted by anyone else.
Topics
Community Discussion
No community discussion yet for this question.