Demo WGU Introduction-to-Cryptography Exam Questions

Demo practice questions for guest users.

Question 1

(Which authentication method allows a customer to authenticate to a web service?)

Correct Answer: D
Explanation:
One-way client authentication is the method where the client (customer) proves its identity to the server (web service). In cryptographic terms, this is commonly implemented through client credentials such as client TLS certificates (mTLS from the server’s perspective) or through authentication protocols layered over TLS (for example, signed tokens), but the defining direction is that the client is the party being authenticated. In a strict TLS certificate-authentication framing, client authentication occurs when the server requests a client certificate during the handshake and the client demonstrates possession of the corresponding private key (via signature in handshake messages). The server then validates the client certificate chain and authorization policy. One-way server authentication, by contrast, authenticates only the server to the client and does not identify the customer. Mutual authentication authenticates both sides simultaneously; while it includes client authentication, it is broader than what the question asks. “End-to-end authentication” describes assurance between endpoints across intermediaries, but it is not the specific “customer authenticates to service” method in certificate-based terminology. Therefore, the best answer is one-way client authentication.
Question 2

(Which authentication method allows a web service installed on a network operating system to prove its identity to a customer?) 

Correct Answer: B
Explanation:
One-way server authentication is the standard model used by most TLS-enabled web services to prove the server’s identity to a client. In this model, the server presents an X.509 certificate during the TLS handshake. The client validates the certificate chain to a trusted root CA, checks hostname binding (CN/SAN), confirms the certificate is within its validity period, and may check revocation status. If validation succeeds, the client gains cryptographic assurance that it is communicating with the holder of the private key corresponding to the server certificate’s public key, and that the certificate is issued to the expected domain/identity. This proves the server’s identity to the customer without requiring the customer to present a certificate. Mutual authentication would require both client and server to authenticate each other using certificates (commonly in certain enterprise APIs), but the question asks specifically about the web service proving its identity to the customer, which is satisfied by server-only authentication. One-way client authentication is the opposite direction (client proves identity to server). “End-to-end authentication” is a broader concept and not the specific TLS identity proof mechanism described here. Thus, one-way server authentication is the correct choice.
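The direction of authentication in Questions 1 and 2 comes down to which side of the TLS connection insists on validating the peer's certificate. The following is an added example, not part of the original page, using Python's standard `ssl` module; the function names and the returned labels are assumptions chosen for illustration.

```python
import ssl


def client_context(verify_server=True):
    """Client (customer) side. Validating the server's chain and hostname
    is what makes the server 'authenticated' to the customer."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if not verify_server:
        # For contrast only: the client accepts any server certificate.
        # check_hostname must be cleared before verify_mode is relaxed.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_context(require_client_cert=False, client_ca_file=None):
    """Server (web service) side. Requesting and validating a client
    certificate is what makes the customer 'authenticated' to the service."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # A deployed server also calls ctx.load_cert_chain(certfile, keyfile).
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
        if client_ca_file:  # hypothetical path to the CA that issues client certs
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def authentication_model(client_ctx, server_ctx):
    """Name the model from which side validates its peer's certificate."""
    server_proven = (client_ctx.verify_mode == ssl.CERT_REQUIRED
                     and client_ctx.check_hostname)
    client_proven = server_ctx.verify_mode == ssl.CERT_REQUIRED
    if server_proven and client_proven:
        return "mutual authentication"
    if server_proven:
        return "one-way server authentication"
    if client_proven:
        return "one-way client authentication"
    return "no authentication"


if __name__ == "__main__":
    print(authentication_model(client_context(), server_context()))
    print(authentication_model(client_context(), server_context(True)))
    print(authentication_model(client_context(False), server_context(True)))
```
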
Question 3

(A company wants to use certificates issued by a root CA to demonstrate to customers that it is a legitimate company being hosted by a cloud provider. Who needs to trust the root CA public key?)

Correct Answer: A
Explanation:
In a public key infrastructure, trust in a certificate ultimately depends on the relying party’s trust anchor set—typically the root CA certificates preinstalled in a customer’s browser/OS trust store. For customers to accept the company’s certificate as legitimate, the buyer (customer) must trust the root CA public key (or an intermediate chained to it) so they can validate the certificate chain and signatures. The seller (the company) also must trust and rely on the root CA public key to build and present a valid chain and to make operational decisions based on that CA’s issuance and revocation mechanisms; practically, the seller selects a CA whose root is widely trusted by customers. The cloud provider’s trust is not what makes the certificate valid to customers; the provider may terminate TLS or pass traffic through, but customer validation is based on the chain to a trusted root. Government agencies like the FTC are not part of the cryptographic trust path for TLS certificate validation. Therefore, among the given options, the correct pairing is the seller and the buyer, reflecting both the issuer selection/usage by the company and the relying-party validation by customers. 
