CompTIA Security+ (SY0-501) — Question 285

A security analyst is implementing PKI-based functionality to a web application that has the following requirements:
✑ File contains certificate information
✑ Certificate chains
✑ Root authority certificates
✑ Private key
All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?

Answer options

• A. .pfx certificate
• B. .cer certificate
• C. .der certificate
• D. .crt certificate

Correct answer: A

Explanation

The .pfx certificate format is designed to hold a complete certificate chain, including the private key and is password-protected, making it ideal for this scenario. The .cer and .crt formats typically only contain the public certificate and do not include the private key, while .der is a binary format that also does not provide the necessary features required in this case.