LPIC-3 Exam 303 (Security) — Question 8

An X509 certificate contains the following information:
X509v3 Basic Constraints: critical

CA:TRUE, pathlen:0 -
Which of the following statements are true regarding the certificate? (Choose THREE correct answers.)

Answer options

• A. This certificate belongs to a certification authority.
• B. This certificate may be used to sign certificates of subordinate certification authorities.
• C. This certificate may never be used to sign any other certificates.
• D. This certificate may be used to sign certificates that are not also a certification authority.
• E. This certificate will not be accepted by programs that do not understand the listed extension.

Correct answer: A, B, D

Explanation

The correct answers are A, B, and D because the certificate is marked as a CA with a pathlen of 0, allowing it to issue certificates for non-CA entities and subordinate CAs. Option C is incorrect as the certificate can indeed sign other certificates, and option E is not relevant to its functionality as it pertains to compatibility with programs.