New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Arcitura Education S90.18 Exam - Topic 5 Question 113 Discussion

Actual exam question for Arcitura Education's S90.18 exam
Question #: 113
Topic #: 5
[All S90.18 Questions]

Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Ciara at Jul 07, 2025, 02:58 AM

Limited Time Offer

25%

Off

Get Premium S90.18 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rebecka
2 months ago
Signing with an external CA seems unnecessary for this setup.
upvoted 0 times
...
Miss
3 months ago
Wait, can self-signed certs really handle expiry checks?
upvoted 0 times
...
Daisy
3 months ago
I think option D might be the best choice here.
upvoted 0 times
...
Hoa
3 months ago
Totally agree, option A makes sense!
upvoted 0 times
...
Berry
3 months ago
The certificates have validity periods, so we can check that.
upvoted 0 times
...
Willodean
3 months ago
I don't think any of the options fully address the requirement. Maybe option D is the best choice, but I need to think it through more.
upvoted 0 times
...
Luis
4 months ago
I feel like using certificates is definitely valid in this case, so option C seems wrong. But I can't recall the specifics of how to check expiry.
upvoted 0 times
...
Nobuko
4 months ago
I think we discussed something similar in class about using external CAs for revocation lists. Option B sounds plausible, but it might complicate things.
upvoted 0 times
...
Colette
4 months ago
I remember that self-signed certificates have validity periods, so maybe option A is correct? But I'm not entirely sure how that works in practice.
upvoted 0 times
...
Erick
4 months ago
Hmm, I'm not sure. I'll need to think this through carefully and consider all the options before deciding on the best approach.
upvoted 0 times
...
Leandro
4 months ago
Using certificates in this scenario doesn't seem like a valid option to me. There must be a better way to handle this requirement.
upvoted 0 times
...
Teri
5 months ago
I'm a bit confused on this one. Wouldn't we need to use an external certificate authority to access the CRL and check the expiry dates?
upvoted 0 times
...
Raelene
5 months ago
This seems like a straightforward question. The current security mechanism should already address the requirement since the certificates contain a validity period.
upvoted 0 times
...
Pura
7 months ago
Ah, the old 'self-signed certificates in the same organization' trick. It's like they're trying to make this question as confusing as possible. I'm just going to go with the CRL option and call it a day.
upvoted 0 times
Stanton
5 months ago
Yeah, I agree. None of the above might be the safest choice.
upvoted 0 times
...
Audrie
5 months ago
I'm not sure, but using certificates may not be the best option here.
upvoted 0 times
...
Edelmira
5 months ago
But what if the current security mechanism already covers the expiry dates?
upvoted 0 times
...
Dierdre
6 months ago
I think the CRL option is the way to go.
upvoted 0 times
...
...
Haydee
7 months ago
I'm not sure about either option. Maybe we should consider other alternatives.
upvoted 0 times
...
India
7 months ago
I disagree, I believe option B is the way to go. We need to have access to the CRL to check expiry dates.
upvoted 0 times
...
Dana
7 months ago
Haha, 'None of the above'? Well, that's a convenient answer. I guess the exam writers ran out of ideas and just threw that in as a catch-all.
upvoted 0 times
Leontine
7 months ago
Haha, yeah, 'None of the above' does seem like a bit of a cop-out.
upvoted 0 times
...
Casey
7 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...
Brynn
8 months ago
I think option A is the best choice because the certificates already have the validity period.
upvoted 0 times
...
Bobbie
8 months ago
Using certificates is not a valid option? What is this, the dark ages? Everything runs on certificates these days. That's a bit of a stretch, don't you think?
upvoted 0 times
...
Zona
8 months ago
Ah, I see. We need to go the external CA route to get access to the CRL. Seems like a bit of a hassle, but I guess it's the most secure option.
upvoted 0 times
Joni
7 months ago
Ah, I see. We need to go the external CA route to get access to the CRL. Seems like a bit of a hassle, but I guess it's the most secure option.
upvoted 0 times
...
Jose
7 months ago
B) The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
upvoted 0 times
...
Timmy
8 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...
Benedict
8 months ago
The current security mechanism already addresses this requirement? Really? How can that be if we need to check for expired certificates? Sounds like a stretch to me.
upvoted 0 times
Jerry
7 months ago
A) I agree, the current security mechanism should already have a way to check for expired certificates. It's important to ensure the validity of the certificates.
upvoted 0 times
...
Silvana
7 months ago
B) The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
upvoted 0 times
...
Luis
7 months ago
A) The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
upvoted 0 times
...
...

Save Cancel