CISA Certified Information Systems Auditor – Question 1556

In a public key infrastructure, a registration authority:

A. verifies information supplied by the subject requesting a certificate.
B. issues the certificate after the required attributes are verified and the keys are generated.
C. digitally signs a message to achieve nonrepudiation of the signed message.
D. registers signed messages to protect them from future repudiation.

Correct Answer: A

Explanation:

A registration authority is responsible for verifying information supplied by the subject requesting a certificate. It also verifies the requestor's right to request certificate attributes and that the requestor actually possesses the private key corresponding to the public key being sent.
Certification authorities, not registration authorities, actually issue certificates once verification of the information has been completed; because of this, choice B is incorrect. On the other hand, the sender who has control of their private key signs the message, not the registration authority. Registering signed messages is not a task performed by registration authorities.