Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam ISSAP Topic 4 Question 12 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 12
Topic #: 4
[All ISSAP Questions]

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which of the following components does the PKI use to list those certificates that have been revoked or are no longer valid?

Show Suggested Answer Hide Answer
Suggested Answer: C

longer valid, and therefore should not be relied upon. A CRL is generated and published periodically, after a defined timeframe. A CRL can also

be published immediately after a certificate has been revoked. The CRL is always issued by the CA which issues the corresponding certificates.

All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted

by a PKI-enabled application to verify a certificate prior to use.

Answer option A is incorrect. A certification Practice Statement (CPS) is a policy document, defined by the American Bar Association. The CPS is

associated with a certification authority (CA). It defines the measures that are used to secure CA operations and management of the

certificates issued by the CA. The CPS can be considered as an agreement between the organization managing the CA and the people relying

on the certificates issued by the CA.

Answer option B is incorrect. Certificate Policy is a policy statement defined in the X.509 standard. The CP is associated with a certificate. It

defines the measures that are used to validate a certificate's subject prior to certificate issuance and the CA's responsibilities regarding those

certificates. The CP is also considered as the certificate-issuance policy which can determine whether the presented certificate will be trusted

or not.

Answer option D is incorrect. A certification authority (CA) or certificate authority is an entity that issues digital certificates for use by other

parties. It is an example of a trusted third party. A CA issues digital certificates that contain a public key and the identity of the owner. The

matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is

also an attestation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted

in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the

information in the CA's certificates. A variety of standards and tests are used by CAs to do so.

If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to a person

identified in the certificate.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77