Which of the following will allow the inspection of the data without multiple certificate deployments?

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

A. Include all available cipher suites.

B. Create a wildcard certificate.

C. Use a third-party CA.

D. Implement certificate pinning.

View Answer

Answer: B

Explanation:

A wildcard certificate is a certificate that can be used for multiple subdomains of a domain, such as *.example.com. This would allow the inspection of the data without multiple certificate deployments, as one wildcard certificate can cover all the subdomains that will be separated out with subdomains. Including all available cipher suites may not help with inspecting the data without multiple certificate deployments, as cipher suites are used for negotiating encryption and authentication algorithms, not for verifying certificates. Using a third-party CA (certificate authority) may not help with inspecting the data without multiple certificate deployments, as a third-party CA is an entity that issues and validates certificates, not a type of certificate. Implementing certificate pinning may not help with inspecting the data without multiple certificate deployments, as certificate pinning is a technique that hardcodes the expected certificate or public key in the application code, not a type of certificate.

Verified Reference:

https://www.comptia.org/blog/what-is-a-wildcard-certificate

https://partners.comptia.org/docs/default-source/resources/casp-content-guide