CompTIA Security+ (SY0-601) — Question 271

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Answer options

• A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
• B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
• C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
• D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

Correct answer: C

Explanation

Option C is correct as it uses a wildcard at the secondary subdomain level and meets the annual rotation requirement. Options A and D use a wildcard at the primary level, which violates the specified requirement, while option B does not use a wildcard at all, making it unsuitable.