An organization's network uses public keys for message encryption. Which of the following manages security credentials in the network and issues certificates to confirm the identity and other attributes of a certificate in relation to other entities?
A. Certificate Authority
B. Certificate Revocation List
C. Public Key Infrastructure
D. Online Certificate Status Protocol
Explanation:
Certification authority (CA) is an entity in a network that manages security credentials and public keys for message encryption. It issues certificates that confirm the identity and other attributes of a certificate in relation to other entities. Depending on the public key infrastructure implementation, a certificate includes the owner's name, the owner's public key, information about the public key owner, and the expiry date of the certificate.
Answer option B is incorrect. CRL stands for Certificate Revocation List. A CRL lists the certificates that have been revoked by the Certificate Authority (CA). NetScreen must check the status of certificates received against a CRL to ensure their validity in phase 1 negotiation. The firewall retrieves the CRL that is defined in the CRL certificate if a CRL is not loaded into the NetScreen's database. The firewall attempts to retrieve the CRL defined in the CA certificate by means of LDAP or HTTP. If the CRL is not defined in the CA certificate, it can use the URL defined by the user for the CRL.
Answer option D is incorrect. Online Certificate Status Protocol (OCSP) is used for obtaining the revocation status of an X.509 digital certificate. It is used to verify the status of a certificate. It was created as an alternative to certificate revocation lists (CRL). It provides more timely information about the revocation status of a certificate. It also eliminates the need for clients to retrieve the CRLs themselves. Therefore, it generates less network traffic and provides better bandwidth management. It is described in RFC 2560 and is on the Internet standards track.
Answer option C is incorrect. A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message.