CompTIA Security+ (SY0-501) — Question 158
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
Answer options
- A. Certificate pinning
- B. Certificate stapling
- C. Certificate chaining
- D. Certificate with extended validation
Correct answer: A
Explanation
Certificate pinning configures the client (a mobile app, an internal service, a browser with a preloaded pin) to accept only a specific public key or certificate for a given host, or only keys signed by a specific CA, rather than any certificate that chains to any CA in the trust store. A fraudulent Company.com certificate issued by a compromised public CA would pass ordinary chain validation, because that CA is trusted, but it would carry a key that is not in the pin set, so the pinned client rejects it. The other options do not address this failure mode: certificate stapling (OCSP stapling) only delivers revocation status for a certificate along with the TLS handshake, and the compromised CA's own responder would report the rogue certificate as good; certificate chaining is just the normal path-building from leaf to root that the attack already satisfies; and an extended validation certificate only reflects stricter identity checks by the issuing CA, which a compromised CA can skip while still issuing an EV certificate. One practical caveat: pinning is brittle, because a key rotation that is not reflected in the pin set locks clients out, so deployments pin at least one backup key as well as the active one.
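The following added example (written for this page, not taken from CompTIA or any vendor) shows why a chain that validates normally is still rejected under pinning. The certificates are simplified Python records with constructed placeholder SPKI bytes rather than real DER, and the chain check only follows issuer links to a trusted root; a real client would also verify signatures, validity dates, and revocation. The pin format follows the HPKP/pin-sha256 convention of base64(SHA-256(SubjectPublicKeyInfo)). All names, keys, and chains below are constructed for the illustration.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed, not real DER)."""
    subject: str
    issuer: str
    spki: bytes  # would be the DER SubjectPublicKeyInfo in a real certificate


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 style pin: base64 of the SHA-256 of the SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def chain_is_valid(chain: list[Cert], trust_anchors: set[str]) -> bool:
    """Simplified path validation: each cert's issuer must be the next cert's
    subject, and the last cert must be a trusted root. Signatures, dates and
    revocation are deliberately omitted in this illustration."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trust_anchors


def pinned_connection_ok(chain: list[Cert], trust_anchors: set[str], pins: set[str]) -> bool:
    """What a pinning client does: normal chain validation first, then require
    that at least one certificate in the chain carries a pinned public key."""
    if not chain_is_valid(chain, trust_anchors):
        return False
    return any(spki_pin(cert.spki) in pins for cert in chain)


# Constructed trust store: both roots are trusted, one has been compromised.
TRUST_ANCHORS = {"Legit Root CA", "Compromised Public CA"}

# Constructed key material for Company.com: the active key plus a backup key,
# both pinned so that a planned rotation does not lock clients out.
COMPANY_PRIMARY_KEY = b"constructed-spki-company-primary"
COMPANY_BACKUP_KEY = b"constructed-spki-company-backup"
PINS = {spki_pin(COMPANY_PRIMARY_KEY), spki_pin(COMPANY_BACKUP_KEY)}

# Company.com's real chain, issued through the legitimate CA.
LEGIT_CHAIN = [
    Cert("company.com", "Legit Intermediate", COMPANY_PRIMARY_KEY),
    Cert("Legit Intermediate", "Legit Root CA", b"constructed-spki-legit-intermediate"),
    Cert("Legit Root CA", "Legit Root CA", b"constructed-spki-legit-root"),
]

# The attacker's chain: a valid path to a trusted root, but an attacker-held key.
ROGUE_CHAIN = [
    Cert("company.com", "Compromised Public CA", b"constructed-spki-attacker"),
    Cert("Compromised Public CA", "Compromised Public CA", b"constructed-spki-rogue-root"),
]

# Company.com after rotating to the backup key, still through the legitimate CA.
ROTATED_CHAIN = [
    Cert("company.com", "Legit Intermediate", COMPANY_BACKUP_KEY),
    Cert("Legit Intermediate", "Legit Root CA", b"constructed-spki-legit-intermediate"),
    Cert("Legit Root CA", "Legit Root CA", b"constructed-spki-legit-root"),
]


def evaluate() -> dict[str, bool]:
    """Compare a plain chain-validating client with a pinning client."""
    return {
        "rogue_passes_chain_validation": chain_is_valid(ROGUE_CHAIN, TRUST_ANCHORS),
        "rogue_passes_pinning": pinned_connection_ok(ROGUE_CHAIN, TRUST_ANCHORS, PINS),
        "legit_passes_pinning": pinned_connection_ok(LEGIT_CHAIN, TRUST_ANCHORS, PINS),
        "rotated_passes_pinning": pinned_connection_ok(ROTATED_CHAIN, TRUST_ANCHORS, PINS),
    }


if __name__ == "__main__":
    for name, outcome in evaluate().items():
        print(f"{name}: {outcome}")
```

The rogue chain is accepted by the plain validator, which is exactly the exam scenario, and rejected by the pinning client because no key in that chain matches a pin. The rotated chain shows why the backup key is pinned ahead of time: the client keeps working when Company.com moves to a key it already trusts.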