Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Arcitura Education S90.18 Exam - Topic 5 Question 113 Discussion

Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
B) The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
C) Using certificates in this scenario is not a valid option.
D) None of the above

Arcitura Education S90.18 Exam - Topic 5 Question 113 Discussion

Actual exam question for Arcitura Education's S90.18 exam
Question #: 113
Topic #: 5
[All S90.18 Questions]

Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Ciara at Jul 07, 2025, 02:58 AM

Limited Time Offer

25%

Off

Get Premium S90.18 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rebecka
5 months ago
Signing with an external CA seems unnecessary for this setup.
upvoted 0 times
...
Miss
6 months ago
Wait, can self-signed certs really handle expiry checks?
upvoted 0 times
...
Daisy
6 months ago
I think option D might be the best choice here.
upvoted 0 times
...
Hoa
6 months ago
Totally agree, option A makes sense!
upvoted 0 times
...
Berry
6 months ago
The certificates have validity periods, so we can check that.
upvoted 0 times
...
Willodean
7 months ago
I don't think any of the options fully address the requirement. Maybe option D is the best choice, but I need to think it through more.
upvoted 0 times
...
Luis
7 months ago
I feel like using certificates is definitely valid in this case, so option C seems wrong. But I can't recall the specifics of how to check expiry.
upvoted 0 times
...
Nobuko
7 months ago
I think we discussed something similar in class about using external CAs for revocation lists. Option B sounds plausible, but it might complicate things.
upvoted 0 times
...
Colette
7 months ago
I remember that self-signed certificates have validity periods, so maybe option A is correct? But I'm not entirely sure how that works in practice.
upvoted 0 times
...
Erick
7 months ago
Hmm, I'm not sure. I'll need to think this through carefully and consider all the options before deciding on the best approach.
upvoted 0 times
...
Leandro
8 months ago
Using certificates in this scenario doesn't seem like a valid option to me. There must be a better way to handle this requirement.
upvoted 0 times
...
Teri
8 months ago
I'm a bit confused on this one. Wouldn't we need to use an external certificate authority to access the CRL and check the expiry dates?
upvoted 0 times
...
Raelene
8 months ago
This seems like a straightforward question. The current security mechanism should already address the requirement since the certificates contain a validity period.
upvoted 0 times
...
Pura
10 months ago
Ah, the old 'self-signed certificates in the same organization' trick. It's like they're trying to make this question as confusing as possible. I'm just going to go with the CRL option and call it a day.
upvoted 0 times
Stanton
8 months ago
Yeah, I agree. None of the above might be the safest choice.
upvoted 0 times
...
Audrie
8 months ago
I'm not sure, but using certificates may not be the best option here.
upvoted 0 times
...
Edelmira
9 months ago
But what if the current security mechanism already covers the expiry dates?
upvoted 0 times
...
Dierdre
10 months ago
I think the CRL option is the way to go.
upvoted 0 times
...
...
Haydee
10 months ago
I'm not sure about either option. Maybe we should consider other alternatives.
upvoted 0 times
...
India
11 months ago
I disagree, I believe option B is the way to go. We need to have access to the CRL to check expiry dates.
upvoted 0 times
...
Dana
11 months ago
Haha, 'None of the above'? Well, that's a convenient answer. I guess the exam writers ran out of ideas and just threw that in as a catch-all.
upvoted 0 times
Leontine
10 months ago
Haha, yeah, 'None of the above' does seem like a bit of a cop-out.
upvoted 0 times
...
Casey
10 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...
Brynn
11 months ago
I think option A is the best choice because the certificates already have the validity period.
upvoted 0 times
...
Bobbie
11 months ago
Using certificates is not a valid option? What is this, the dark ages? Everything runs on certificates these days. That's a bit of a stretch, don't you think?
upvoted 0 times
...
Zona
11 months ago
Ah, I see. We need to go the external CA route to get access to the CRL. Seems like a bit of a hassle, but I guess it's the most secure option.
upvoted 0 times
Joni
10 months ago
Ah, I see. We need to go the external CA route to get access to the CRL. Seems like a bit of a hassle, but I guess it's the most secure option.
upvoted 0 times
...
Jose
11 months ago
B) The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
upvoted 0 times
...
Timmy
11 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...
Benedict
11 months ago
The current security mechanism already addresses this requirement? Really? How can that be if we need to check for expired certificates? Sounds like a stretch to me.
upvoted 0 times
Jerry
10 months ago
A) I agree, the current security mechanism should already have a way to check for expired certificates. It's important to ensure the validity of the certificates.
upvoted 0 times
...
Silvana
10 months ago
B) The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
upvoted 0 times
...
Luis
10 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...

Save Cancel