CISSP PRACTICE QUESTIONS – 20210601

Effective CISSP Questions

Your company sells toys online through a large-scale web-based E-commerce system. You are applying for an X.509 certificate to support secure transmission. Which of the following is most feasible? (Wentz QOTD)
A. Submit a PKCS #10 file containing the key pair to the registration authority.
B. Install the issued certificate on the load balancer instead of the web servers.
C. Download a validated X.509 certificate in a .pfx file from the validation authority.
D. Authenticate to the certification authority for the approval of the certificate signing request.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Install the issued certificate on the load balancer instead of the web servers.

  • The private key should be kept secret. It’s not a good idea to submit a PKCS #10 file containing the key pair, which includes the private key, to the registration authority.
  • The registration authority authenticates the applicant for the approval of the certificate signing request.
  • A validated X.509 certificate in a .pfx file is downloaded from the certificate authority.
  • The issued certificate should be on the web servers. However, it’s common to install the issued certificate on the load balancer to offload the SSL/TLS traffic from web servers.
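
The first point above can be checked with OpenSSL. This is an added example, not part of the original post; the file names, the subject `shop.example.test` and the RSA-2048 key type are assumptions. It generates the key pair locally, builds the PKCS #10 request, and confirms that the request carries the public key and a proof-of-possession signature but no private key:

```shell
#!/usr/bin/env bash
# Added example: all names and the subject below are constructed for illustration.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/shop.key"   # private key: stays on the host that generated it
CSR="$WORKDIR/shop.csr"   # PKCS #10 request: the only file sent to the RA
SUBJECT="/CN=shop.example.test/O=Example Toys"

make_csr() {
    # Generate the key pair locally, readable only by the owner.
    (umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$KEY" 2>/dev/null)
    # Build the request: subject + public key, signed with the private key.
    openssl req -new -key "$KEY" -subj "$SUBJECT" -out "$CSR"
}

has_private_key() {
    # True only if the file parses as a private key.
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

csr_self_signature_ok() {
    # Proof of possession: the CSR signature verifies against its own public key.
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_matches_local_key() {
    # The public key in the CSR is the public half of the local key pair.
    [ "$(openssl req -in "$CSR" -noout -pubkey)" = \
      "$(openssl pkey -in "$KEY" -pubout)" ]
}

make_csr
has_private_key "$KEY" && echo "local key file: contains private key"
has_private_key "$CSR" || echo "CSR: no private key inside"
csr_self_signature_ok  && echo "CSR: self-signature verifies"
csr_matches_local_key  && echo "CSR: public key matches local key pair"
```

Only the `.csr` file needs to leave the host; the `.key` file is what later has to be present wherever TLS is terminated, such as the load balancer.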


