Which statement about enrollment in the IP telephony PKI is true? (Source: Understanding Cisco IP Telephony Authentication and Encryption Fundamentals)
A.
CAPF enrollment supports the use of authentication strings.
B.
The CAPF itself has to enroll with the Cisco CTL client.
C.
LSCs are issued by the Cisco CTL client or by the CAPF.
D.
MICs are issued by the CAPF itself or by an external CA.
Explanation:
Incorrect answer: BCD
The CAPF enrollment process is as follows:
1. The IP phone generates its public and private key pairs.
2. The IP phone downloads the certicate of the CAPF and uses it to establish a TLS session with the CAPF.
3. The IP phone enrolls with the CAPF, sending its identity, its public key, and an optional authentication string.
4. The CAPF issues a certicate for the IP phone signed with its private key.
5. The CAPF sends the signed certicate to the IP phone. Link:http://my.safaribooksonline.com/book/certification/cipt/9781587052613/understanding-cisco- ip-telephony-authentication-and-encryption-fundamentals/584.