O'Reilly logo

CompTIA Security+ Certification Guide by Ian Neil

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Answers and explanations

  1. A CA has a root certificate that he uses to sign keys.
  2. I would use a private CA for internal use only; these certificates will not be accepted outside of your organization.
  3. I would use a public CA for b2b activities.
  4. If you were a military, security, or banking organization, you would keep the CA offline when it is not being used to prevent it being compromised.
  5. An architect would build the CA or intermediary authorities.
  6. The CA would sign the X509 certificates.
  7. Certificate pinning can be used to prevent a CA being compromised and fraudulent certificates being issued.
  8. If two separate PKI entities want to set up a cross certification, the Root CAs would set up a trust model between themselves, known as a bridge trust ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required