Exam CAS-004 topic 1 question 437 discussion

Actual exam question from CompTIA's CAS-004
Question #: 437
Topic #: 1

The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?

  • A. PKCS #10 is still preferred over PKCS #12.
  • B. Private-key CSR signage prevents on-path interception.
  • C. There is more control in using a local certificate over a third-party certificate.
  • D. There is minimal benefit in using a certificate revocation list.
Suggested Answer: B

1 week, 2 days ago
Selected Answer: D
CRL is used to track revoked certificates. When a client attempts to validate a certificate, the client's system consults the CRL to see if the certificate has been revoked. If it has, the validation fails, and the connection is denied. While a CRL is an important security measure, its benefit is diminished when using a self-signed certificate because self-signed certificates are not trusted by third-party validation systems. Since a self-signed certificate does not have a trusted issuing Certificate Authority (CA), its revocation status is irrelevant to the trust chain. Therefore, the argument that there is minimal benefit in using a CRL is valid in the context of using self-signed certificates.
upvoted 1 times
1 week, 2 days ago
B. Private-key CSR signage prevents on-path interception: This option is incorrect. Private-key CSR (Certificate Signing Request) signage refers to the process of digitally signing the CSR with the private key, which is a message sent from an applicant to a certificate authority (CA) to apply for a digital certificate. While it adds a layer of security to the certificate creation process, it does not prevent on-path interception. On-path interception attacks target the communication between the client and the server, not the certificate itself. On-path interception, also known as a man-in-the-middle (MITM) attack, is prevented by using certificates issued by trusted third-party CAs. These certificates ensure that the identity of the server is verified by a trusted authority, making it difficult for attackers to impersonate the server and intercept communications.
upvoted 1 times
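
Added example (not part of any comment in this thread, and not CompTIA material): a shell sketch of the two mechanisms the comments above discuss, the CSR's self-signature and validation against a CA, using the `openssl` CLI. It assumes `openssl` is on the PATH; the names `demo-ca` and `server.example.test` and the function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway keys, hypothetical names, 1-day validity.
set -eu

make_demo_pki() {
    dir=$1
    # Private CA standing in for a third-party CA (trust anchor for the demo).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Applicant key + CSR. The CSR is signed with the applicant's own private key.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    # Path 1: the CA issues a certificate from the CSR.
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv-ca.crt" 2>/dev/null
    # Path 2: same CSR and key, but self-signed (no issuer other than itself).
    openssl x509 -req -in "$dir/srv.csr" -signkey "$dir/srv.key" -days 1 \
        -out "$dir/srv-self.crt" 2>/dev/null
}

# True if the CSR's signature verifies against the public key inside the CSR.
# This proves possession of the private key to the CA; it says nothing about
# who the applicant is.
csr_pop_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# chain_ok <trust-anchor.pem> <cert.pem>: true if cert chains to the anchor.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"
csr_pop_ok "$DEMO_DIR/srv.csr" \
    && echo "CSR: signature matches embedded public key"
chain_ok "$DEMO_DIR/ca.crt" "$DEMO_DIR/srv-ca.crt" \
    && echo "CA-issued cert: validates against the CA"
chain_ok "$DEMO_DIR/ca.crt" "$DEMO_DIR/srv-self.crt" \
    || echo "Self-signed cert: rejected, no path to the trust anchor"
```

A client that trusts only the CA accepts the CA-issued certificate and rejects a self-signed one carrying the same subject name, so the name alone is not what the client relies on.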
8 months ago
Selected Answer: B
B. Private-key CSR signage prevents on-path interception. Using a digitally signed third-party certificate ensures that the certificate is trusted and verified, reducing the risk of man-in-the-middle attacks and ensuring secure communications.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)