Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?
A.
Certification authority
B.
Key escrow
C.
Certificate revocation list
D.
Registration authority
Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.Incorrect Answers:
B: Key escrow is not related to issuing certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are
held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is
generally the government, but it could also be an employer if an employee’s private messages have been called into question.
C: A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. A CRL is not used to issue certificates.
D: A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept
registrations for the CA, and validate identities. However, the RA doesn’t issue certificates; that responsibility remains with the CA.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 278-290