In PKI, which action establishes trust within an internal network without relying on public CAs?

Prepare for the EC-Council Certified Ethical Hacker (CEH) Certification. Use flashcards and multiple choice questions with hints and explanations. Ace your exam!

Multiple Choice

In PKI, which action establishes trust within an internal network without relying on public CAs?

Explanation:
The key idea is to create a trusted anchor inside the organization so internal systems can vouch for each other without involving public certificate authorities. By setting up a local Certificate Authority and issuing certificates for internal servers and services, you establish that internal clients should trust anything signed by that local CA. To make this work, you distribute the root certificate of the local CA to all endpoints, adding it to their trusted store. Once that root is trusted, certificates issued by the local CA serve as valid identities within the network, enabling encrypted communication and authentication without relying on public CAs.

Using a public CA would move trust outside the organization, which isn’t what’s being asked. TLS that doesn’t use certificates can’t provide proper authentication, and obtaining code signing certificates from an external authority addresses code signing, not internal TLS trust.
