Exam SY0-601 topic 1 question 166 discussion

Actual exam question from CompTIA's SY0-601
Question #: 166
Topic #: 1

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

  • A. The required intermediate certificate is not loaded as part of the certificate chain.
  • B. The certificate is on the CRL and is no longer valid.
  • C. The corporate CA has expired on every server, causing the certificate to fail verification.
  • D. The scanner is incorrectly configured to not trust this certificate when detected on the server.
Suggested Answer: B

Comments

db97
Highly Voted 1 year, 7 months ago
Answer is A. I will share with you part of my experience while performing vuln scans: most of the time the scanning engine will require a root CA certificate (if needed) to get more accurate results in regards to the scan. If a root CA certificate is not provided and an SSL certificate is located on a server, the result will be that it is "untrusted", so we have to load the root one and the warning will disappear :)
upvoted 45 times
yorkwu
Highly Voted 1 year, 8 months ago
Selected Answer: A
"This same certificate is installed on the other company servers without issue" -> I think the certificate is still valid, so the answer is A
upvoted 16 times
banditring
1 year, 8 months ago
That's exactly what I'm thinking. Answer B makes no sense.
upvoted 2 times
CrabRagoo
Most Recent 1 week, 6 days ago
Selected Answer: D
If the intermediate certificate were missing from the chain then the certificate would not be considered valid and properly signed
upvoted 1 times
ApplebeesWaiter1122
9 months, 2 weeks ago
Selected Answer: A
When a valid SSL/TLS certificate is issued, it is usually signed by a trusted Certificate Authority (CA). In the case of wildcard certificates, there is often an additional intermediate certificate that needs to be present and correctly configured on the server along with the wildcard certificate itself. This intermediate certificate is required to complete the certificate chain and establish the trust relationship back to the root CA. If the required intermediate certificate is not properly loaded on the server, the SSL/TLS handshake may fail during the vulnerability scan, indicating an untrusted certificate. However, on other company servers where the intermediate certificate is correctly installed and configured, the SSL/TLS handshake may succeed, and the certificate is considered valid and trusted.
upvoted 7 times
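The two failure modes raised in this thread (db97's point that the scanner itself needs the corporate root CA loaded, and ApplebeesWaiter1122's point that the server must present the intermediate certificate) can both be reproduced with Go's standard crypto/x509 package. The program below is an added example, not code from ExamTopics or from any commenter; the PKI it builds (the names "Example Corp Root CA" and "Example Corp Issuing CA" and the wildcard *.example.internal) is hypothetical test data generated in memory. It verifies the same wildcard leaf three ways: with the full chain and a trusted root, with the intermediate omitted by the server, and with the root absent from the scanner's trust store. Only the first succeeds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// pki holds a constructed three-tier hierarchy: root CA -> issuing (intermediate) CA -> wildcard leaf.
// All names and the wildcard domain are hypothetical test data built in memory.
type pki struct {
	root, inter, leaf *x509.Certificate
}

// newKey generates a P-256 key; a failure here is not recoverable for the example.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign issues a certificate from tmpl, signed by parent with the signer's key.
// A nil parent makes the certificate self-signed (used for the root).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// caTemplate returns a CA certificate template valid for the given number of years.
func caTemplate(serial int64, cn string, years int) *x509.Certificate {
	now := time.Now()
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// buildPKI generates fresh keys and certificates for the hypothetical corporate PKI.
func buildPKI() (*pki, error) {
	rootKey, interKey, leafKey := newKey(), newKey(), newKey()
	root, err := sign(caTemplate(1, "Example Corp Root CA", 10), nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	inter, err := sign(caTemplate(2, "Example Corp Issuing CA", 5), root, &interKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "*.example.internal"},
		DNSNames:     []string{"*.example.internal"}, // the valid wildcard from the question
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := sign(leafTmpl, inter, &leafKey.PublicKey, interKey)
	if err != nil {
		return nil, err
	}
	return &pki{root: root, inter: inter, leaf: leaf}, nil
}

// scannerVerify models a scanner validating the leaf it received for host.
// presented: extra certificates the server sent with the leaf (nil = intermediate not installed on the server).
// trusted:   the scanner's own trust store (nil = corporate root never loaded into the scanner).
func scannerVerify(p *pki, host string, presented, trusted []*x509.Certificate) error {
	roots := x509.NewCertPool() // an explicit empty pool, so the OS trust store is NOT consulted
	for _, c := range trusted {
		roots.AddCert(c)
	}
	inters := x509.NewCertPool()
	for _, c := range presented {
		inters.AddCert(c)
	}
	_, err := p.leaf.Verify(x509.VerifyOptions{
		DNSName:       host,
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	host := "www.example.internal"
	fmt.Println("complete chain, root trusted:   ", scannerVerify(p, host, []*x509.Certificate{p.inter}, []*x509.Certificate{p.root}))
	fmt.Println("intermediate missing on server: ", scannerVerify(p, host, nil, []*x509.Certificate{p.root}))
	fmt.Println("root not loaded into scanner:   ", scannerVerify(p, host, []*x509.Certificate{p.inter}, nil))
}
```

The first call prints `<nil>`; the other two return an unknown-authority error, which is exactly what a scanner reports as an "untrusted" certificate even though the leaf itself is properly signed and not revoked. The check also shows why the wildcard is only "valid" for one label: a host such as a.b.example.internal fails hostname verification against *.example.internal.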
Xynned
10 months, 1 week ago
Couldn't the answer be D? It says " This same certificate is installed on the other company servers without issue" I take it that it is exactly the same cert that was installed on other servers, which is working fine. Can anyone enlighten me on this.
upvoted 2 times
Haykinz
10 months ago
I have the same thought. db97 shared his experience and using chariot I guess D is correct. db97 reminds us that a scan engine requires some setup and if the engine was not configured properly then it'll fail to acknowledge the validity of the certificate. ChatGPT reasons: When a security scanner performs vulnerability scans, it relies on its own configuration and trust settings to determine which certificates are trusted or untrusted. In this case, the scanner may have been misconfigured or customized to flag the specific SSL certificate as untrusted, even though it is signed properly and considered valid on other company servers.
upvoted 1 times
Haykinz
10 months ago
Pardon me. I looked at option D again. It negates itself. So A is correct considering option D's statement.
upvoted 3 times
DriftandLuna
9 months, 2 weeks ago
Very good spot. I chose D, but after reading your comment I see what you mean.
upvoted 1 times
Teleco0997
5 months, 3 weeks ago
Actually D is not correct because if the certificate was configured to not be trusted, the problem would be on all servers, not just this one. Even with the double negative it makes sense.
upvoted 1 times
zharis
1 year, 6 months ago
Selected Answer: A
Should be A, period
upvoted 2 times
kennyleung0514
1 year, 6 months ago
Selected Answer: A
Because the certificate is valid on other servers, it seems to be a chain issue.
upvoted 2 times
abrilo
1 year, 6 months ago
If someone tries to use a device that doesn't have that trust in place, a message will appear that says the certificate is not trusted. That's why it's very common to distribute your CA certificates to all of your devices; that will ensure that your root CA, intermediate CA, and all of the other CAs you're using are trusted internally.
upvoted 1 times
RonWonkers
1 year, 7 months ago
Selected Answer: A
I think A, because the others don't work.
upvoted 1 times
enginne
1 year, 8 months ago
Selected Answer: A
Self-signed certificate
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other