When establishing a PKI in a local network without a public CA, what is a typical step?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Certification. Master concepts with flashcards and multiple choice questions, each enriching your understanding. Ready yourself to succeed in your exam!

Multiple Choice

When establishing a PKI in a local network without a public CA, what is a typical step?

Explanation:
When you’re in a private network with no public CA, the typical step is to establish your own PKI by creating a local Certificate Authority and issuing certificates from that CA. This gives you a trusted backbone for TLS within the organization because every certificate can be signed by your internal CA. You’d then distribute the root certificate of that local CA to all client devices so they trust the internal services, and you manage certificate lifetimes, revocation, and policy from a central point. This approach avoids dependence on public CAs and keeps control entirely in-house. The other options aren’t the right fit here: using an EV certificate from a public CA requires external trust and is unnecessary for internal services; certificate pinning to a remote server doesn’t establish an internal PKI; and enabling only HTTP means TLS isn’t used at all, which defeats PKI objectives.

When you’re in a private network with no public CA, the typical step is to establish your own PKI by creating a local Certificate Authority and issuing certificates from that CA. This gives you a trusted backbone for TLS within the organization because every certificate can be signed by your internal CA. You’d then distribute the root certificate of that local CA to all client devices so they trust the internal services, and you manage certificate lifetimes, revocation, and policy from a central point. This approach avoids dependence on public CAs and keeps control entirely in-house.

The other options aren’t the right fit here: using an EV certificate from a public CA requires external trust and is unnecessary for internal services; certificate pinning to a remote server doesn’t establish an internal PKI; and enabling only HTTP means TLS isn’t used at all, which defeats PKI objectives.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy