Exam CAS-004 topic 1 question 410 discussion

multiple domains mean SAN, single domain with multiple subdomains mean wildcard

The organization websites have .net and .org TLDs. A SAN certificate will cover multiple TLDs.

There's no SAN Certificate... Its a WILD CARD certificate that contains multiple Sub-Domains covered by the same certificate for the 1st level Domain.

There should be a typo at the A option: It should be like: The best solution in this case would be A. Purchase one certificate with multiple Subject Alternative Names (SANs).

D. Purchase one wildcard certificate. Chat GPT gave me this answer

Purchasing one wildcard certi fi cate is the best soluti on to protect multi ple websites hosted by an organizati on in acloud-hosted WAF. A wildcard certi fi cate is a type of SSL/TLS certi fi cate that can secure a domain name and anynumber of its subdomains with a single certi fi cate. For example, a wildcard certi fi cate for *.mycompany.com cansecure www.mycompany.com, campus.mycompany.com, and any other subdomain under mycompany.com. Awildcard certi fi cate can save costs and simplify management compared to purchasing individual certi fi cates foreach website.

D. Purchase one wildcard certificate. In this scenario, where the organization hosts multiple websites under different subdomains, purchasing a wildcard certificate would be the best solution. A wildcard certificate allows secure connections for multiple subdomains under the same domain using a single certificate. By using a wildcard certificate, the cloud security engineer can secure all websites hosted by the organization (www.mycompany.org, www.mycompany.com, campus.mycompany.com, wiki.mycompany.org) without the need to purchase separate certificates for each site. This approach would help save costs and simplify certificate management for the multiple websites. Additionally, users would still be able to notify the security engineer of any on-path attacks as the wildcard certificate would ensure secure connections to all websites.

A. Covers multiple domains and subdomains

A. Purchase one SAN certificate is the best choice as it directly addresses the need for a comprehensive and cost-effective solution to protect all the specified websites under one certificate, with formal recognition and trust from clients’ systems. This simplifies management, reduces costs, and provides a robust security solution compliant with industry standards.