As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
The correct certificate property for the described requirements is HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022. This option meets the requirement of containing a wildcard at the secondary subdomain level ('*.app1.comptia.org') and it has an annual validity period.
* - secondary subdomain app1 - subdomain comptia - domain
agree with seagnull - C is the only one with a secondary sub domain
I realized I don't know how to count.. thanks!
Believe in yourselves, you're not alone. I've been grinding here too, doubting myself but...I'll never stop.
Answer: A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022. The question asks for the secondary subdomain. If the the domain is comptia.org then the SECONDARY subdomain would be the wildcard in HTTPS://*.comptia.org. In Answer C the domain goes three levels deep HTTPS://*.app1.comptia.org. And in D , Although the wildcard placement is correct the dates are two years instead of 1 year.
Clearly is C, end of story.
Wildcard is placed in subdomain level. D is 3 levels deep
A contains wildcards at the 1st subdomain level B doesn't contain wildcards D contains wildcards at the 1st subdomain level + certificate is valid for 2 years C contains wildcards at the second subdomain level and a certificate valid for one year. * - used for wildcards in the first subdomain level app1 - is the second subdomain comptia - is the domain org - is the top-level domain
C is the Answer And also to Note the Option D cert expires in 2 years which is wrong. an PKI cert should be valid is less than 1 year
https://www.ssldragon.com/blog/wildcard-certificate-multiple-level-subdomains/
Now, to create a subdivision within blog.yourdomain.com, you would generate a CSR with the format *.blog.yourdomain.com in place of the FQDM. Here the asterisk is substituting all the potential second-level subdomains of the “blog” subdomain. In the case of the question: *.app1.comptia.org ANSWER C
C should be correct because its for secondary or second level
crystal clear
Now, to create a subdivision within blog.yourdomain.com, you would generate a CSR with the format *.blog.yourdomain.com in place of the FQDM. Here the asterisk is substituting all the potential second-level subdomains of the “blog” subdomain.
D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023
No, its C. D is not a subdomain level, thats top level.
Also that's valid for 2 years and it can only be valid for 1 year