Question 10 - WGU Managing-Cloud-Security Real Exam Questions [Jan 2026 Update]

Q: 10

An organization wants to ensure that all entities trust any certificate generated internally in the organization. What should be used to generate these certificates?

Options

Correct Answer:

Explanation

To ensure organization-wide trust for internally generated certificates, a central, trusted entity must issue and sign them. This entity is the Certificate Authority (CA). An organization establishes its own internal CA server, and its root certificate is installed on all devices and systems within the organization's control. This action establishes a "chain of trust." Consequently, any certificate that is subsequently generated and signed by this internal CA server will be automatically trusted by all entities within the organization, fulfilling the stated requirement.

Why Incorrect

A. Individual users’ private keys are used for personal authentication, signing, and decryption; they cannot issue certificates that are trusted by the entire organization.

B. A certificate repository server is a storage and distribution point for certificates and revocation lists, but it does not have the function to generate or sign them.

D. Individual systems' private keys are used for that specific system's cryptographic functions, not for issuing certificates to other entities in a trusted manner.

References

1. National Institute of Standards and Technology (NIST). (2020). Special Publication (SP) 800-57 Part 1 Rev. 5: Recommendation for Key Management

Part 1: General. Section 2.1.3

"Public Key Infrastructure

" states

"A CA is an authority trusted by one or more users to create and assign public key certificates... The CA is the component that users trust to bind public keys to identities."

2. Microsoft Corporation. (2021). Public Key Infrastructure Design Guidance. Microsoft Learn. In the "Role of the Certification Authority" section

it is detailed that "A certification authority (CA) is responsible for establishing and vouching for the identity of users

computers

and organizations... By issuing a digitally signed certificate

the CA attests to the identity of the certificate subject."

3. Pfleeger

C. P.

Pfleeger

S. L.

& Margulies

J. (2015). Security in Computing (5th ed.). Pearson Education. Chapter 5

"Cryptography in Practice

" Section 5.4

"Public Key Infrastructure

" explains that the CA is the trusted third party that signs certificates

and its public key serves as the root of trust for validating other certificates within its domain.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE