Understanding Security+ Question

By netsurfer802
in Smart Home, Network & Security

 Share

Recommended Posts

Proficient

netsurfer802

Posted
Posted

I'm studying for the Security+ certification and don't really understand an answer to the question (see below). I've tried searching online and can't seem to find a clear answer on what a certificate CN is and what an A record is...can somebody please explain?...

Which of the following is true when Sara, a user, browsing to an HTTPS site receives the

message: 'Site name mismatch'?

A. The certificate CN is different from the site DNS A record.

B. The CA DNS name is different from the root certificate CN.

C. The certificate was issued by the intermediate CA and not by the root CA.

D. The certificate file name is different from the certificate CN.

Answer: A

Link to comment
Share on other sites
Collaborator

Innuendo

Posted
Posted

I'm taking my Security+ course in college right now so maybe I can help.

What answer A is basically telling you is that the Certificate Name (the web site name the certificate was issued to) does not match the host record (the web site name that Sara is visiting) on the DNS server.

Example: Sara types https://www.bobs-web-site.org into her browser and when she gets there her browser finds an SSL certificate issued to stans-web-site.net.

Does this help?

Link to comment
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I don't like the wording of the answer --- the dns record might not even come into play, What if the user is using a host file? Or what if user is accessing site via netbios name on a local lan?

Better wording might of been CN does not match url used to access site. Maybe the user accessed site via http:\\ipaddress

A dns A record is an IP for a host name in a specific zone - so again wording is not correct for what they are wanting you to understand.

What if going to www.domainx.com which is a cname that points to www.domainb.com, etc. No A record for the FQDN (fully qualified domain name) the user used to access the site. There would be an A record for www.domainb.com, but no A record for where you went.

CN stands for common name, which is a field on the cert when generated.

if you get a mismatch error, all its telling you use the URL in your browser does not match the common name on the cert. Saying it does not match the A record is not really accurate since they don't even say how the user accessed the site. Could of been via IP or netbios name, etc.

Not sure what material your using - but seems from your multiple questions in the past, its not a very good resource.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing