Here’s the Answer to the Question posted on Facebook
Q. You need to submit a CSR to a CA. Which of the following would you do FIRST?
A. Generate a new RSA-based session key.
B. Generate a new RSA-based private key.
C. Generate the CRL.
D. Implement OCSP.
Answer available until March 24, 2015.
Answer. B is correct. You create the RSA-based private key first and then create the matching public key from it, which you include in the certificate signing request (CSR) that you send to the Certificate Authority (CA).
The RSA algorithm technically creates the private key first, but most applications that create the key pair appear to create them at the same time.
A session key is a symmetric key, but RSA is an asymmetric algorithm.
The CA generates the certificate revocation list (CRL) to identify revoked certificates.
Online Certificate Status Protocol (OCSP) is an alternative to using CRLs to validate certificates, but it is not required.
Objective: 6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
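The order described in the answer, as an added example using the OpenSSL command line (not part of the original page). The file names and the certificate subject are constructed placeholders.

```shell
#!/bin/sh
# Added example: the key-first CSR workflow with the OpenSSL CLI.
# File names and the subject are constructed placeholders.

# Step 1: generate the RSA private key. It never leaves the requester.
make_key() {
    ( umask 077; openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null )
}

# Step 2: build the CSR. OpenSSL derives the public key from the private
# key, embeds it in the request, and signs the request with the private key.
make_csr() {
    openssl req -new -key "$1" -out "$2" \
        -subj "/CN=www.example.test/O=Example Org"
}

# True when the public key inside the CSR is the one derived from the key file.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# True when the CSR's self-signature verifies against its embedded public key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
make_key "$work/server.key" &&
make_csr "$work/server.key" "$work/server.csr" &&
csr_matches_key "$work/server.key" "$work/server.csr" &&
csr_signature_ok "$work/server.csr" &&
echo "CSR carries the public half of server.key and is signed by it"
rm -rf "$work"
```

Only `server.csr` is sent to the CA; the comparison in `csr_matches_key` is also a quick way to confirm which private key a given CSR belongs to.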
See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.