LPIC-3 Exam 303 (Security) — Question 2
Which of the following statements are true regarding the certificate of a Root CA? (Choose TWO correct answers.)
Answer options
- A. It is a self-signed certificate.
- B. It does not include the private key of the CA.
- C. It must contain a host name as the common name.
- D. It has an infinite lifetime and never expires.
- E. It must contain an X509v3 Authority extension.
Correct answer: A, B, E
Explanation
The correct answers are A, B, and E. A is true because a Root CA certificate is indeed self-signed. B is correct as it does not contain the private key, which is kept secure. Option C is incorrect because the common name does not necessarily need to be a host name, while D is false since even Root CA certificates have a defined expiration. Option E is true as it must include the X509v3 Authority extension.