PrepAway - Latest Free Exam Questions & Answers


In which of the following scenarios is PKI LEAST hardened?


A. The CRL is posted to a publicly accessible location.

B. The recorded time offsets are developed with symmetric keys.

C. A malicious CA certificate is loaded on all the clients.

D. All public keys are accessed by an unauthorized user.

Explanation:
A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the
Internet, including banking and e-commerce sites secured using the HTTPS protocol. A rogue CA
certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be
signed by one of the root CAs that browsers trust by default. A rogue Certification Authority (CA)
certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue
digital certificates for secure Web sites.

Incorrect Answers:
A: The CRL should be readily accessible. It should be posted in a publicly accessible location.
A CRL is a database of revoked keys and signatures.
B: Incorrect time offsets are much less of a security threat than a rogue Certification Authority
certificate.
D: Public keys are public and can be accessed by anyone.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 279-285
http://www.webopedia.com/TERM/R/rogue_certification_authority_certificate.html

