Exam SY0-501 topic 1 question 166 discussion

It is A for sure. Since the cert has not expired that implies it was self signed but the browser does not trust it. non of the other choices explain the symptoms.

“I agree it’s not “C” given the last sentence of the question, however, “A” is completely valid since you can indeed have/use a self signed certificate for an internet facing website. Furthermore, using a self-signed certificate would show up as an “untrusted” website until employees/customers actually install(trust) the CA certificate chain that was used to generate/issue your self-signed certificate. Definitely not the best practice for a public facing website, but “A” is definitely feasible.”

i was wondering between A and B, but troubleshooting indicates something changed. A would make sense if this is a new website. and also - who uses private certs for public site (keyword customers)?

B for me

A is incorrect do to information is giving. Users receive errors, certificates won’t be self signed.

Answer A because self signed is untrusted and Your websites visitors have to proceed through a security warning page with error messages like “error_self_signed_cert” or “sec_error_untrusted_issuer” or “err_cert_authority_invalid” to access your content. This means that the users must manually click on the ”Accept Risk” button to open your website.

I'd go with A. message board has been great. Thanks to eveyone posting really helps. Take my exam this week.

How can it be C when the question clearly states: ...provided the certificate has not expired?

Valid and expiration are the same?

Can't be C because it has the period has passed but the question states certificate isn't expired. You can rule out D since we are not using a third party to validate certificates. This leaves us with A and B. I am going to go with A.

I would think that if it is not expired it has to be revoked.

How can it be "C" if the question says "provided that the certificate has not expired". This makes no sense.

It is not A >>> Self-signed certificates work just fine within your network for services that require certificates—applications and such on the corporate intranet, for example. There’s no reason to pay for certificates for internal use. Make certain those self-signed or untrustedsigned certificates never see the rest of the World (Mike Meyer’s CompTIA Security+ p. 99). It is not C >>> Certificates remain valid only for a specific period of time, and after that time they expire. A user cannot use an expired and thus invalid certificate. Most browsers and applications will display errors when trying to use or accept an expired certificate (Certificate Expiration, Suspension, and Revocation >>> Mike Meyer’s CompTIA Security+ p. 107-110). It should be B then.

Since it doesn't say it has expired, it should be A. A self signed CA isn't normally trusted.

Was thinking if it is 'B or 'A', after some research - It is 'B'. Corporate website - A website that is used to officially represent a brand on the Internet, and which is often used as the landing page for advertising content. So, why would every customer/user need to import your self-signed CA? It is not some kind of internal website. And yes, if intermediate CA is revoked and added to CRL, then cert is invalid, everything is correct.

Won’t go with A since the users and customers are reporting errors. Question does not mention that this is a new website. Something went wrong which is causing the error hence troubleshooting. Invalid and/or expired certs should give the same error. B sounds like the best answer

I believe it is B