Objective 3.9 – PKI Exam Questions and
answers
Key Management (PKI)
Within PKI refers to all the steps taken to manage public and private keys used within the PKI. This
includes keeping private keys private, distributing public keys in certificates, and revoking certificates
when keys are compromised
Certificate Authority (CA)
A trusted third-party agency that is responsible for issuing digital certificates.
Intermediate CA
Subordinate organizations or entities to which CAs delegate the day-to-day issuance of certificates on
behalf of the CA.
Registration Authority (RA)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and
authenticating users.
Certificate Revocation List (CRL)
An online list of digital certificates that the certificate authority has revoked
Certificate attributes
Fields in an X.509 digital certificate that are used when parties negotiate a secure connection.
Online Certificate Status Protocol (OCSP)
A protocol that allows you to determine the revocation status of a digital certificate using its serial
number
Certificate Signing Request (CSR)
A specially formatted encrypted message that validates the information the CA requires to issue a digital
certificate.
Common Name (CN)
An X500 attribute expressing a host or user name, also used as the subject identifier for a digital
certificate.
Subject Alternative Name (SAN)
Allows a certificate owner to specify additional domains and IP addresses to be supported
wildcard certificate
answers
Key Management (PKI)
Within PKI refers to all the steps taken to manage public and private keys used within the PKI. This
includes keeping private keys private, distributing public keys in certificates, and revoking certificates
when keys are compromised
Certificate Authority (CA)
A trusted third-party agency that is responsible for issuing digital certificates.
Intermediate CA
Subordinate organizations or entities to which CAs delegate the day-to-day issuance of certificates on
behalf of the CA.
Registration Authority (RA)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and
authenticating users.
Certificate Revocation List (CRL)
An online list of digital certificates that the certificate authority has revoked
Certificate attributes
Fields in an X.509 digital certificate that are used when parties negotiate a secure connection.
Online Certificate Status Protocol (OCSP)
A protocol that allows you to determine the revocation status of a digital certificate using its serial
number
Certificate Signing Request (CSR)
A specially formatted encrypted message that validates the information the CA requires to issue a digital
certificate.
Common Name (CN)
An X500 attribute expressing a host or user name, also used as the subject identifier for a digital
certificate.
Subject Alternative Name (SAN)
Allows a certificate owner to specify additional domains and IP addresses to be supported
wildcard certificate
