CompTIA Exam CAS-004 Topic 1 Question 63 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 63
Topic #: 1

A technician accidentally deleted the secret key that corresponded to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?

Suggested Answer: D

Certificate Authority Authorization (CAA) is not listed directly in the provided options, but it is a relevant mechanism in the context of managing certificates and preventing issues similar to the one described. However, based on the available choices, the Online Certificate Status Protocol (OCSP) comes closest to providing a viable solution. OCSP allows for real-time validation of a certificate's revocation status, which could mitigate the issue of users being locked out due to key pinning policies. It is a more modern and efficient alternative to Certificate Revocation Lists (CRLs), offering faster and more reliable certificate status checks. By implementing OCSP, the technician could ensure that clients receive timely updates on the revocation status of certificates, potentially avoiding the downtime caused by the key-pinning policy awaiting expiration.


Contribute your Thoughts:

Cherilyn
2 months ago
I'm with Gerardo on this one. Client authentication is the way to go. Gotta keep those subscribers happy, you know?
upvoted 0 times
Launa
15 days ago
Let's make sure to implement client authentication to avoid any future issues with the keys.
upvoted 0 times
...
Nelida
18 days ago
Client authentication would have saved us a lot of trouble with the key-pinning policy.
upvoted 0 times
...
Tamekia
22 days ago
I agree, it's important to make sure only authorized clients can access the website.
upvoted 0 times
...
Janae
1 month ago
Client authentication is definitely the best option to prevent this from happening again.
upvoted 0 times
...
...
Sarina
2 months ago
Haha, I bet the technician was like, 'Oops, did I do that?' Certificate revocation list all the way, baby!
upvoted 0 times
...
Theola
2 months ago
Oh, man, that's a tough one. I'd say the technician should go with the certificate authority authorization. That way, they can manage the certificates more effectively.
upvoted 0 times
Maybelle
1 month ago
User 3: Agreed, having better management of certificates is crucial for security.
upvoted 0 times
...
Fletcher
1 month ago
That sounds like a good idea. It would help prevent similar issues in the future.
upvoted 0 times
...
Blondell
1 month ago
I think the technician should consider using certificate authority authorization.
upvoted 0 times
...
...
Gerardo
3 months ago
I think client authentication would be the best solution. That way, the subscribers can't be locked out even if the certificate is changed.
upvoted 0 times
Sylvia
1 month ago
A: Agreed, it's a good way to prevent similar issues in the future.
upvoted 0 times
...
Elroy
2 months ago
B: Yeah, that way the subscribers won't get locked out.
upvoted 0 times
...
Effie
2 months ago
A: I think client authentication is a good idea.
upvoted 0 times
...
...
Kindra
3 months ago
I think Client authentication could also be a good alternative to prevent similar issues in the future. It adds an extra layer of security.
upvoted 0 times
...
Caitlin
3 months ago
I agree with Aleshia. A Certificate revocation list would help manage and revoke certificates more effectively.
upvoted 0 times
...
Tamar
3 months ago
Certificate revocation list seems like the way to go. That way, the technician can quickly revoke the certificate and get the subscribers back on the site.
upvoted 0 times
Kaycee
1 month ago
D: Agreed, it's a proactive solution to avoid locking out subscribers again.
upvoted 0 times
...
Lenora
2 months ago
C: It would definitely help prevent a similar issue in the future.
upvoted 0 times
...
Carlota
2 months ago
B: Yeah, that way the technician can quickly revoke the certificate if needed.
upvoted 0 times
...
Lenora
2 months ago
A: I think using a certificate revocation list is a good idea.
upvoted 0 times
...
...
Aleshia
3 months ago
I think the technician should consider using a Certificate revocation list to prevent this issue in the future.
upvoted 0 times
...
