CompTIA Security+ (SY0-501) — Question 233

A security engineer must install the same x.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use?

Answer options

• A. Wildcard certificate
• B. Extended validation certificate
• C. Certificate chaining
• D. Certificate utilizing the SAN file

Correct answer: D

Explanation

The correct choice is D because a certificate that employs the Subject Alternative Name (SAN) field allows multiple hostnames to be covered under one certificate, making it suitable for use on different servers. Option A, a wildcard certificate, is limited to subdomains of a single domain, while options B and C do not specifically address the need for multiple hostnames and are therefore not appropriate for this scenario.