CompTIA CASP+ (CAS-004) — Question 343
A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?
Answer options
- A. RA
- B. OCSP
- C. CA
- D. IdP
Correct answer: A
Explanation
The denial would have occurred at the Registration Authority (RA) step, which is responsible for validating the identity of users before a certificate is issued. OCSP (Online Certificate Status Protocol) is used for checking the revocation status of certificates, the CA (Certificate Authority) issues certificates, and the IdP (Identity Provider) handles user authentication; none of these performs the initial identity verification that the RA does.