Systems Security Certified Practitioner – SSCP – Question0748

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?

A.
Level 1/Class 1
B. Level 2/Class 2
C. Level 3/Class 3
D. Level 4/Class 4

Correct Answer: B

Explanation:

Users can obtain certificates with various levels of assurance. Here is a list that describe each of them:
-Class 1/Level 1 for individuals, intended for email, no proof of identity For example, level 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if you send an email to that name or email address.
-Class 2/Level 2 is for organizations and companies for which proof of identity is required Level 2 certificates verify a user’s name, address, social security number, and other information against a credit bureau database.
-Class 3/Level 3 is for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate.
-Class 4 for online business transactions between companies -Class 5 for private organizations or governmental security
References: http://en.wikipedia.org/wiki/Digital_certificate veriSign introduced the concept of classes of digital certificates: Also see: Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 54).