PrepAway - Latest Free Exam Questions & Answers

Which of the following must a security administrator do when the private key of a web server has been compromised by an intruder?

A. Submit the public key to the CRL.

B. Use the recovery agent to revoke the key.

C. Submit the private key to the CRL.

D. Issue a new CA.

2 Comments

  1. Donald says:

    I don’t think this answer is correct. If all it takes is your public key to revoke a certificate then anybody possessing your public key could have your certificate revoked. Doesn’t that make sense?




  2. Courtney says:

    That was my first reaction, but I would assume that just anybody that knows the public key can’t notify the CA to revoke a key. Only the owner would.
    Refer to RSA Labs explanation:
    http://www.rsa.com/rsalabs/node.asp?id=2274
    “You must immediately notify any certifying authorities for the public keys and have your public key placed on a certificate revocation list (see Question 4.1.3.16); this will inform people that the private key has been compromised and the public key has been revoked”



