A certificate authority takes which of the following actions in PKI?

A.
Signs and verifies all infrastructure messages

B.
Issues and signs all private keys

C.
Publishes key escrow lists to CRLs

D.
Issues and signs all root certificates

Explanation:
A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is
part of a public key infrastructure (PKI) scheme. The most common commercial variety is based on the
ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).Note: In cryptography and computer security, a root certificate is an unsigned public key certificate (also
called self-signed certificate) that identifies the Root Certificate Authority (CA).
Incorrect Answers:
A: A CA does not sign or verify infrastructure messages.
B: The CA issues and sign public keys, not private keys.
In cryptography, a PKI(Public key infrastructure) is an arrangement that binds public keys with respective
user identities by means of a certificate authority (CA). The primary role of the CA is to digitally sign and
publish the public key bound to a given user.
C: A CA would not publish key escrow lists.
Key escrow is the process of storing keys or certificates for use by law enforcement.
Law enforcement has the right, under subpoena, to conduct investigations using these keys.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 278-290