Understanding Security+ Question

By netsurfer802
in Smart Home, Network & Security

 Share

Recommended Posts

Proficient

netsurfer802

Posted
Posted

I'm studying for the Security+ certification and don't really understand an answer to the question (see below). I've tried searching online and can't seem to find a clear answer on what a certificate CN is and what an A record is...can somebody please explain?...

Which of the following is true when Sara, a user, browsing to an HTTPS site receives the

message: 'Site name mismatch'?

A. The certificate CN is different from the site DNS A record.

B. The CA DNS name is different from the root certificate CN.

C. The certificate was issued by the intermediate CA and not by the root CA.

D. The certificate file name is different from the certificate CN.

Answer: A

Link to comment
https://www.neowin.net/forum/topic/1145294-understanding-security-question/
Share on other sites
Collaborator

Innuendo

Posted
Posted

I'm taking my Security+ course in college right now so maybe I can help.

What answer A is basically telling you is that the Certificate Name (the web site name the certificate was issued to) does not match the host record (the web site name that Sara is visiting) on the DNS server.

Example: Sara types https://www.bobs-web-site.org into her browser and when she gets there her browser finds an SSL certificate issued to stans-web-site.net.

Does this help?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I don't like the wording of the answer --- the dns record might not even come into play, What if the user is using a host file? Or what if user is accessing site via netbios name on a local lan?

Better wording might of been CN does not match url used to access site. Maybe the user accessed site via http:\\ipaddress

A dns A record is an IP for a host name in a specific zone - so again wording is not correct for what they are wanting you to understand.

What if going to www.domainx.com which is a cname that points to www.domainb.com, etc. No A record for the FQDN (fully qualified domain name) the user used to access the site. There would be an A record for www.domainb.com, but no A record for where you went.

CN stands for common name, which is a field on the cert when generated.

if you get a mismatch error, all its telling you use the URL in your browser does not match the common name on the cert. Saying it does not match the A record is not really accurate since they don't even say how the user accessed the site. Could of been via IP or netbios name, etc.

Not sure what material your using - but seems from your multiple questions in the past, its not a very good resource.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • The official Funny Pictures thread

      By +primortal · Posted

    • Politically funny images of the World

      By +primortal · Posted

    • Apple CEO Tim Cook confirms looming price hikes due to memory shortages

      By Stup0t · Posted

      No kidding, Tim, we've been running low on memory for a while now... get your head out of the Apple pixie dust cloud and come back down to earth with us peons.
    • EA Sports UFC 6 review: Brutal, satisfying, and surprisingly accessible to newcomers

      By Astra.Xtreme · Posted

      It's really pathetic that an MMA video game triggers your political rage...
    • Nvidia GeForce NOW gains support for seven more games as discounts continue

      By LoneWolfSL · Posted

      Nvidia GeForce NOW gains support for seven more games as discounts continue by Pulasthi Ariyasinghe There's a brand-new update rolling out to Nvidia's GeForce NOW streaming service, and like every week, that means more games have received support on the platform. This week's drop has additions like Aphelion and Pro Cycling Manager 26 attached to it. Don't forget that the GeForce NOW summer sale is still active too. This limited-time offer drops the 12-month Performance membership from $99.99 to $64.99, saving members $35. At the same time, the 12-month Ultimate membership is currently going for $129.99, dropping the price by $70 from the original $199.99. Moreover, Nvidia reiterated that support for GOG single sign-in and game library is incoming this summer, joining stores like Steam, Ubisoft Connect, Battle.net, and Xbox. "Connect supported game store accounts and stream titles with GeForce RTX power. Games that include cloud-save functionality help keep progress intact across devices," added the company. "Start a game on one screen, pick up where playtime left off on another, and spend less time managing installs and storage space." Here are the games joining GeForce NOW's supported list this week: Embers of the Uncrowned Demo (New release on Steam, available 13) Pro Cycling Manager 26 (New release on Steam, available June 15) Aphelion (Steam) Citizen Sleeper (Epic Game Store, Free from June 18-25) Megastore Simulator (Steam) OPERATOR (Steam) Super Meat Boy 3D (Xbox, available on Game Pass) Keep in mind that, unlike subscription services like Game Pass or EA Play, a copy of a game must be owned by the GeForce NOW member (or at least have a license via PC Game Pass) to start playing via Nvidia's cloud servers. There is also a limit to how many hours subscribers can use the service per month, with extra time being purchasable in chunks.

  • Recent Achievements

    • Week One Done
      Huge Trailer earned a badge
      Week One Done
    • Week One Done
      Classifyskilleducation earned a badge
      Week One Done
    • One Month Later
      eurospharma62 earned a badge
      One Month Later
    • Week One Done
      With What earned a badge
      Week One Done
    • Week One Done
      Harris Gilbert earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      532
    2. 2
      +Edouard
      167
    3. 3
      PsYcHoKiLLa
      72
    4. 4
      neufuse
      64
    5. 5
      ATLien_0
      63
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!