CompTIA SecurityX (CAS-005) — Question 41
A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?
Answer options
- A. Use Distinguished Encoding Rules (DER) for the certificate.
- B. Extract the private key from the certificate.
- C. Use an out-of-band method to obtain the certificate.
- D. Compare the retrieved certificate with the embedded certificate.
Correct answer: C
Explanation
The correct answer is C: before the X.509 certificate can be pinned, the architect must first obtain it through a secure, out-of-band method. Options A and B are not relevant to the initial step of obtaining the certificate, and D assumes that the certificate has already been acquired, which is not the case.