Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 63 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 63
Topic #: 1
[All CAS-004 Questions]

A technician accidentally deleted the secret key that was corresponding to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?

Show Suggested Answer Hide Answer
Suggested Answer: D

Certificate Authority Authorization (CAA) is not listed directly in the provided options, but it is a relevant mechanism in the context of managing certificates and preventing issues similar to the one described. However, based on the available choices, the Online Certificate Status Protocol (OCSP) comes closest to providing a viable solution. OCSP allows for real-time validation of a certificate's revocation status, which could mitigate the issue of users being locked out due to key pinning policies. It is a more modern and efficient alternative to Certificate Revocation Lists (CRLs), offering faster and more reliable certificate status checks. By implementing OCSP, the technician could ensure that clients receive timely updates on the revocation status of certificates, potentially avoiding the downtime caused by the key-pinning policy awaiting expiration.


by Samira at Sep 15, 2024, 11:10 AM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cherilyn
14 days ago
I'm with Gerardo on this one. Client authentication is the way to go. Gotta keep those subscribers happy, you know?
upvoted 0 times
Janae
1 days ago
Client authentication is definitely the best option to prevent this from happening again.
upvoted 0 times
...
...
Sarina
16 days ago
Haha, I bet the technician was like, 'Oops, did I do that?' Certificate revocation list all the way, baby!
upvoted 0 times
...
Theola
17 days ago
Oh, man, that's a tough one. I'd say the technician should go with the certificate authority authorization. That way, they can manage the certificates more effectively.
upvoted 0 times
Fletcher
3 days ago
That sounds like a good idea. It would help prevent similar issues in the future.
upvoted 0 times
...
Blondell
7 days ago
I think the technician should consider using certificate authority authorization.
upvoted 0 times
...
...
Gerardo
1 months ago
I think client authentication would be the best solution. That way, the subscribers can't be locked out even if the certificate is changed.
upvoted 0 times
Sylvia
7 days ago
A: Agreed, it's a good way to prevent similar issues in the future.
upvoted 0 times
...
Elroy
19 days ago
B: Yeah, that way the subscribers won't get locked out.
upvoted 0 times
...
Effie
23 days ago
A: I think client authentication is a good idea.
upvoted 0 times
...
...
Kindra
1 months ago
I think Client authentication could also be a good alternative to prevent similar issues in the future. It adds an extra layer of security.
upvoted 0 times
...
Caitlin
2 months ago
I agree with Aleshia. A Certificate revocation list would help manage and revoke certificates more effectively.
upvoted 0 times
...
Tamar
2 months ago
Certificate revocation list seems like the way to go. That way, the technician can quickly revoke the certificate and get the subscribers back on the site.
upvoted 0 times
Kaycee
5 days ago
D: Agreed, it's a proactive solution to avoid locking out subscribers again.
upvoted 0 times
...
Lenora
13 days ago
C: It would definitely help prevent a similar issue in the future.
upvoted 0 times
...
Carlota
20 days ago
B: Yeah, that way the technician can quickly revoke the certificate if needed.
upvoted 0 times
...
Lenora
1 months ago
A: I think using a certificate revocation list is a good idea.
upvoted 0 times
...
...
Aleshia
2 months ago
I think the technician should consider using a Certificate revocation list to prevent this issue in the future.
upvoted 0 times
...

Save Cancel