CISA Certified Information Systems Auditor – Question2170

Which of the following is NOT a true statement about public key infrastructure (PKI)?

A. The Registration authority role is to validate and issue digital certificates to end users
B. The Certificate authority role is to issue digital certificates to end users
C. The Registration authority (RA) acts as a verifier for Certificate Authority (CA)
D. Root certificate authority's certificate is always self-signed

Correct Answer: A

Explanation:

Explanation:
The word NOT is the keyword used in the question. We need to find out the invalid statement from the options.
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.
The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.)
A public key infrastructure consists of:
A certificate authority (CA) that issues and verifies digital certificate. A certificate includes the public key or information about the public key
A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requester
A Subscriber is the end user who wish to get digital certificate from certificate authority.
The following were incorrect answers:
The Certificate authority role is to issue digital certificates to end users – This is a valid statement as the job of a certificate authority is to issue a digital certificate to end user.
The Registration authority (RA) acts as a verifier for Certificate Authority (CA) – This is a valid statement as registration authority acts as a verifier for certificate authority
Root certificate authority’s certificate is always self-signed – This is a valid statement as the root certificate authority’s certificate is always self-signed.
Reference: http://searchsecurity.techtarget.com/definition/PKI