CompTIA CASP+ (CAS-004) — Question 160

A security administrator needs to implement an X.509 solution for multiple sites within the human resources department. This solution would need to secure all subdomains associated with the domain name of the main human resources web server. Which of the following would need to be implemented to properly secure the sites and provide easier private key management?

Answer options

• A. Certificate revocation list
• B. Digital signature
• C. Wildcard certificate
• D. Registration authority
• E. Certificate pinning

Correct answer: C

Explanation

The correct answer is C, the Wildcard certificate, as it allows a single certificate to secure multiple subdomains, simplifying management of private keys. The other options do not provide the same level of convenience for managing multiple subdomains: a Certificate revocation list is for listing revoked certificates, a Digital signature is for verifying authenticity, a Registration authority is for issuing certificates, and Certificate pinning involves associating a host with its expected certificate.