A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet.
Which of the following should be used in the code? (Select TWO.)
A. Escrowed keys
B. SSL symmetric encryption key
C. Software code private key
D. Remote server public key
E. OCSP
How To Pass SY0-601 Exam?CompTIA SY0-601 PDF dumps.High quality SY0-601 pdf and software. VALID exam to help you pass. |
 |
D and E. The question says “verifying that a key is valid” – but doesn’t specify who’s key (the software’s key or the remote host’s key). It makes most sense that the application wants to verify that the remote host’s key is valid – not that its own key is valid. So the app needs the public key of the remote server to use OCSP to verify the validity of that key.
The question states “wants to ensure that the application is verifying that a key is valid” – NOT – “wants to ensure that the application is verifying that a certificate is valid.” OCSP is for obtaining the revocation status of X.509 digital certificates. A public “key” is issued for purposes of PKI – not for certificates. Public and private keys are used together for decrypting encrypted data. The question is likely mis-typed and meant to state “certificate” instead of “key.”
I would answer D, E.
The software needs to verify public keys of remote servers using OCSP service. It doesn’t need its own private key for this.