CompTIA CASP+ (CAS-004) — Question 379
The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?
Answer options
- A. PKCS #10 is still preferred over PKCS #12.
- B. Private-key CSR signage prevents on-path interception.
- C. There is more control in using a local certificate over a third-party certificate.
- D. There is minimal benefit in using a certificate revocation list.
Correct answer: B
Explanation
The correct answer is B. Digitally signed third-party certificates are verified by a trusted authority, which provides a layer of trust and security and helps prevent on-path interception. Options A and C do not directly address the security concerns, and option D misrepresents the importance of a certificate revocation list in maintaining security.