CompTIA Security+ (SY0-501) — Question 829
A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the
Internet.
Which of the following should be used in the code? (Choose two.)
Answer options
- A. Escrowed keys
- B. SSL symmetric encryption key
- C. Software code private key
- D. Remote server public key
- E. OCSP
Correct answer: C, E
Explanation
The correct answers are C and E. The Software code private key (C) is essential for decrypting messages meant for the application, ensuring the validity of the key. OCSP (E) is used to check the revocation status of keys, ensuring they are still valid before establishing a connection. The other options do not directly address the need for key verification in this context.