CompTIA CASP+ (CAS-004) — Question 489
A security architect wants to ensure a remote host’s identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?
Answer options
- A. Use Distinguished Encoding Rules (DER) for the certificate.
- B. Extract the private key from the certificate.
- C. Use an out-of-band method to obtain the certificate.
- D. Compare the retrieved certificate with the embedded certificate.
Correct answer: C
Explanation
The correct answer is C: the certificate must be obtained through an out-of-band method before any verification can take place. Options A and B are not necessary initial steps in certificate pinning, and option D, comparing the retrieved certificate with the embedded certificate, cannot occur until the certificate has been obtained.