Don´t get what all those comments are about.
What function is performed by CA ?
Clearly issue CRL : A
Why someone here even mentions verify user Identity is CA job ? It is server job to verify clients certificate, verification is not job of CA itself. CA is queried just to verify the client's certificate is not tempered, not doing authentication.
Verifying user identities IS actually apart of a CA's responsibility.
"CAs VALIDATE organizations AND individuals to help ensure that only legitimate websites get a TLS certificate."
Before issuing a certificate, the CA WILL VERIFY the certificate requester’s information, like site ownership, name, location and more. CAs must adhere to stringent industry standards to ensure that every CA follows similar requirements for validation."
Source: https://www.digicert.com/blog/what-is-a-certificate-authority
Interesting question lol....
A & C are the best possible answers here.....
CRL Publishing is primarily a CA's responsibility. An RA CAN also handle revocation requests, but this function is LIMITED to an administrative task rather than a core responsibility.
Regarding user identity verification, a CA authenticates the identities of entities requesting digital certificates, ensuring that they possess the private key corresponding to the public key issued in the digital certificate. An RA is LIMITED in the fact that they do not perform full identity verification themselves, but rather assist in verifying the identity of the entity requesting the certificate.
Which answer is the BEST?
I would vote for C. My reason is because in this particular instance, an RA just do not possess the authority or capability to fully verify user identities.
Here's why option A (CRL publishing) isn't a clear distinction between CAs and RAs:
While CAs have the primary responsibility for CRL generation and publishing, RAs can be involved in the distribution process.
Verify user identity is very limited on RA, comparing to CA.
In summary, while the primary responsibility for CRL publishing typically rests with the CA, in certain scenarios, an RA may be delegated authority to assist with CRL management under the oversight and control of the CA.
The certificate request is sent to the PKI's RA to verify that the requestor has the right to request the certificate. The RA verifies the identity of the user and device and processes authentication credentials. If everything checks out, the RA forwards the certificate request to the CA to process. The CA then issues the digital certificate directly to the requesting device. If the RA denies the request, the requesting user or device is not permitted to continue the certificate request process.
https://www.techtarget.com/searchsecurity/definition/registration-authority#:~:text=The%20certificate%20request%20is,the%20certificate%20request%20process.
The function performed by certificate authorities (CAs) but is a limitation of registration authorities (RAs) is "CRL publishing".
CAs are responsible for issuing digital certificates to entities and managing the public key infrastructure (PKI) system, while RAs are responsible for verifying the identity of the entity requesting the certificate and forwarding the request to the CA.
CRL (Certificate Revocation List) publishing involves maintaining a list of revoked certificates and making it available to users and relying parties. This function is typically performed by CAs, as they are the ones responsible for managing the certificates they issue and revoking them if necessary.
"A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. "
The certificate request is sent to the PKI's RA to verify that the requestor has the right to request the certificate. The RA verifies the identity of the user and device and processes authentication credentials.
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.
Look @ this https://www.techtarget.com/searchsecurity/definition/registration-authority
Here it states that it does everyting EXCEPT the issuing of the CERT. It also does revocation.
In short, answer 'A'
The Answer is C
In CISSP 8th Edition guide the following is mentioned:
Registration authorities (RAs) assist CAs with the burden of verifying users’ identities prior to issuing digital certificates. They do not directly issue certificates themselves, but they play an important role in the certification process, allowing CAs to remotely validate user identities.
The question is asking for operations a CA can do that an RA cannot. In a standard single CA deployment, the CA does everything including identity verification, which makes C wrong.
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Rododendron2
11 months, 1 week agoTthurston1
10 months, 1 week agoTthurston1
12 months agoholydolev
1 year, 1 month agoMPoels
1 year, 1 month agoums008
1 year, 9 months agoffaiz
1 year, 10 months agosull3y
1 year, 11 months agoPremium_Pils
8 months, 1 week agostalkr3
2 years agostalkr3
2 years agominous123
2 years, 1 month agoCippy18
2 years, 2 months agojienBoq
2 years, 2 months agoCCNP21
2 years, 3 months agoEmlia1
2 years, 4 months agoEmlia1
2 years, 4 months agoNoUserName1234
2 years, 4 months agohous90
2 years, 4 months agohous90
2 years, 5 months agosmartcarter
2 years, 5 months agosmartcarter
2 years, 5 months ago