ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 166 discussion

Actual exam question from CompTIA's SY0-601
Question #: 166
Topic #: 1
[All SY0-601 Questions]

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

  • A. The required intermediate certificate is not loaded as part of the certificate chain.
  • B. The certificate is on the CRL and is no longer valid.
  • C. The corporate CA has expired on every server, causing the certificate to fail verification.
  • D. The scanner is incorrectly configured to not trust this certificate when detected on the server.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by yorkwu at Sept. 2, 2022, 11:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
db97
Highly Voted 2 years, 9 months ago
Answer is A. I will share with you part of my experience while performing vuln scans: most of the time the scanning engine will require a root CA certificate (if needed) to get more accurate results in regards to the scan. If a root CA certificate is not provided and a SSL certificate is located on a server, the result will be that is "untrusted" so we have to load the root one and the warning will disappear :)
upvoted 47 times
...
yorkwu
Highly Voted 2 years, 10 months ago
Selected Answer: A
"This same certificate is installed on the other company servers without issue" -> I think the certificate is still valid, so the answer is A
upvoted 16 times
banditring
2 years, 9 months ago
thats exactly what I'm thinking. Answer B makes no sense.
upvoted 2 times
...
...
CrabRagoo
Most Recent 1 year, 2 months ago
Selected Answer: D
If the intermediate certificate were missing from the chain then the certificate would not be considered valid and properly signed
upvoted 1 times
...
ApplebeesWaiter1122
1 year, 11 months ago
Selected Answer: A
When a valid SSL/TLS certificate is issued, it is usually signed by a trusted Certificate Authority (CA). In the case of wildcard certificates, there is often an additional intermediate certificate that needs to be present and correctly configured on the server along with the wildcard certificate itself. This intermediate certificate is required to complete the certificate chain and establish the trust relationship back to the root CA. If the required intermediate certificate is not properly loaded on the server, the SSL/TLS handshake may fail during the vulnerability scan, indicating an untrusted certificate. However, on other company servers where the intermediate certificate is correctly installed and configured, the SSL/TLS handshake may succeed, and the certificate is considered valid and trusted.
upvoted 7 times
...
Xynned
1 year, 12 months ago
Couldn't the answer be D? It says " This same certificate is installed on the other company servers without issue" I take it that it is exactly the same cert that was installed on other servers, which is working fine. Can anyone enlighten me on this.
upvoted 3 times
Haykinz
1 year, 11 months ago
I have same thought. db97 shared his experience and using chariot I guess D is correct. db97 reminds us that a scam e-bike requires some setup and if the engine was not configured properly then it’ll fail to acknowledge the validity of the certificate. Chatgpt reasons: When a security scanner performs vulnerability scans, it relies on its own configuration and trust settings to determine which certificates are trusted or untrusted. In this case, the scanner may have been misconfigured or customized to flag the specific SSL certificate as untrusted, even though it is signed properly and considered valid on other company servers.
upvoted 1 times
Haykinz
1 year, 11 months ago
Pardon me. I looked at option D again. It negates itself. So A is correct considering option D statement
upvoted 3 times
DriftandLuna
1 year, 11 months ago
very good spot, i chose D but after reading your comment i see what you mean
upvoted 1 times
...
Teleco0997
1 year, 7 months ago
actually D is not correct because if the certificate was configured to not be trusted the problem will be in all servers, not just this one Even with the double negative it makes sense
upvoted 1 times
...
...
...
...
zharis
2 years, 8 months ago
Selected Answer: A
Should be A, period
upvoted 2 times
...
kennyleung0514
2 years, 8 months ago
Selected Answer: A
Because the certificate is valid on other servers. So it seems to be chain issue
upvoted 2 times
...
abrilo
2 years, 8 months ago
If someone tries to use a device that doesn’t have that trust in place, a message will appear that say that the certificate is not trusted. That’s why it’s very common to distribute your CA certificates to all of your devices and that will ensure that your root CA, intermediate CA, and all of the other CA which you’re using are trusted internally.
upvoted 1 times
...
RonWonkers
2 years, 9 months ago
Selected Answer: A
I think A cause the others dont work
upvoted 1 times
...
enginne
2 years, 9 months ago
Selected Answer: A
Self-signed certificate
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel