CompTIA Security+ (SY0-601) — Question 239

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are:

• www.company.com (main website)
• contactus.company.com (for locating a nearby location)
• quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?

Answer options

• A. SAN
• B. Wildcard
• C. Extended validation
• D. Self-signed

Correct answer: B

Explanation

The Wildcard certificate is the most suitable choice as it can secure all subdomains of a primary domain with a single certificate, which includes both current and future applications like store.company.com. A SAN certificate could also be viable but does not provide the same level of flexibility for unlimited subdomains as a Wildcard certificate. Extended validation certificates focus on verification processes rather than subdomain coverage, and self-signed certificates are not trusted by browsers for public use.