ACCP Exam - Question 14

Question

Refer to the exhibit. Based on the configuration for the client's certificate private key as shown, which statements accurately describe the settings? (Choose two. ).

Examice · Accepted Answer

The configuration shows that the private key type is set to '1024-bit RSA - created by device.' This means that the private key is generated by the user device itself and is stored there, ensuring that only the device has access to it. Consequently, more bits in the private key will increase security as it makes it more difficult for unauthorized entities to guess or compute the key. Thus, the two correct statements are that more bits in the private key will increase security and that the private key is stored in the user device.

hujinki · Answer

A and E. Private key is mandatory and must be known only by the device, so B and C are false. More bits in the key make it more difficult to guess.

youuuuu · Answer

I think the private key is on the server. So C is correct, not E.

pabx31 · Answer

More bits = more security
The cert and key are generated by the device, the cert is used by Clearpass to encrypt and the key is used to decrypt.  thus kept on the device.

tezk · Answer

AE

The option "created by device" will use SCEP to provision the EAP-TLS client certificate. The certificate signing request will be generated in the device and get it signed against OnBoard CA , so the private key is known only to the device. When you use the option"created by device", re-provisioning a client will generate new certificate every time.

https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=c768b34a-cf40-4736-8222-39a8533be380

ACCP Exam - Question 14

Discussion