A multinational enterprise operates a highly distributed microservices architecture across multiple cloud providers. All traffic between microservices must be encrypted and authenticated. To simplify governance, the company wants a single global certificate hierarchy for all workloads across all clouds and on-prem systems.
However, several constraints apply:
- Private keys must never leave the host or container where they are created.
- Certificate issuance must support auto-scaling, ephemeral workloads, and identity rotation every few minutes.
- The environment includes legacy systems that cannot use modern service mesh sidecars.
- Security monitoring requires centralized revocation and trust-state visibility across all issuers.
Which PKI architecture BEST satisfies these requirements?
A. A single monolithic root CA issuing certificates directly to all cloud and on-prem workloads.
B. Multiple independent PKIs, each cloud provider managing its own root and workload certificates.
C. A federated PKI with one offline enterprise root and cloud-specific subordinate CAs, each issuing short-lived, locally generated keypairs.
D. Self-signed certificates generated per workload, with their fingerprints synchronized centrally for trust verification.
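To make the architecture in option C concrete, here is an added example (not part of the question) that builds the hierarchy it describes with the `cryptography` library: an offline root that signs only subordinate CAs, one subordinate per cloud, workload keys generated on the host with only a CSR sent to the subordinate, minutes-lived leaf certificates, and a chain check that a peer in another cloud can run against the shared root. The organization name, the SPIFFE-style identity URI, the curves and the TTLs are assumptions; revocation publishing is not modelled.

```python
"""Added example, not part of the question: the hierarchy option C describes, in code.
Offline root -> per-cloud subordinate CA -> minutes-lived workload cert. The workload key is
generated where the workload runs; only a CSR goes to the CA. Names, TTLs and the SPIFFE-style
identity are assumptions; revocation (CRL/OCSP publishing) is out of scope for this snippet."""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

WORKLOAD_TTL = timedelta(minutes=10)  # assumed rotation interval
CA_KEY_USAGE = x509.KeyUsage(digital_signature=False, content_commitment=False, key_encipherment=False,
                             data_encipherment=False, key_agreement=False, key_cert_sign=True,
                             crl_sign=True, encipher_only=False, decipher_only=False)

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Corp"),
                      x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _builder(subject, issuer, pubkey, ttl):
    now = datetime.now(timezone.utc)
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=1)).not_valid_after(now + ttl))

def make_ca(cn, ttl, path_length, issuer=None):
    """Self-signed root when issuer is None; otherwise a subordinate signed by issuer=(key, cert)."""
    key = ec.generate_private_key(ec.SECP384R1() if issuer is None else ec.SECP256R1())
    issuer_name = _name(cn) if issuer is None else issuer[1].subject
    cert = (_builder(_name(cn), issuer_name, key.public_key(), ttl)
            .add_extension(x509.BasicConstraints(ca=True, path_length=path_length), critical=True)
            .add_extension(CA_KEY_USAGE, critical=True)
            .sign(key if issuer is None else issuer[0], hashes.SHA384()))
    return key, cert

def workload_request(spiffe_id):
    """Runs on the workload host: the private key is created here and never leaves."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = x509.CertificateSigningRequestBuilder().subject_name(_name(spiffe_id)).sign(key, hashes.SHA256())
    return key, csr

def issue_workload_cert(sub_key, sub_cert, csr, spiffe_id, ttl=WORKLOAD_TTL):
    """Subordinate CA: check proof of possession, then issue a short-lived end-entity cert whose
    SAN is the identity the CA attested for this workload, not whatever the CSR asked for."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid: requester does not hold the private key")
    return (_builder(_name(spiffe_id), sub_cert.subject, csr.public_key(), ttl)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .add_extension(x509.SubjectAlternativeName([x509.UniformResourceIdentifier(spiffe_id)]),
                           critical=False)
            .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH,
                                                  ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False)
            .sign(sub_key, hashes.SHA256()))

def _validity(cert):  # tz-aware bounds on cryptography versions with or without the *_utc properties
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=timezone.utc)
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=timezone.utc)
    return nb, na

def verify_chain(leaf, intermediates, root, now=None):
    """Walk leaf -> intermediates -> pinned root: issuer linkage, signature, CA flag, path length,
    validity. A peer in cloud B checks a cloud A leaf the same way; the clouds share only the root."""
    now = now or datetime.now(timezone.utc)
    path = [leaf, *intermediates, root]
    for i, (child, parent) in enumerate(zip(path, path[1:])):
        if child.issuer != parent.subject:
            return False
        try:
            bc = parent.extensions.get_extension_for_class(x509.BasicConstraints).value
            parent.public_key().verify(child.signature, child.tbs_certificate_bytes,
                                       ec.ECDSA(child.signature_hash_algorithm))
        except (x509.ExtensionNotFound, InvalidSignature):
            return False
        # i intermediate CAs sit below this parent; pathLenConstraint caps that number
        if not bc.ca or (bc.path_length is not None and i > bc.path_length):
            return False
    return all(nb <= now <= na for nb, na in map(_validity, path))

def demo():
    """Build the hierarchy and exercise its failure modes; returns named booleans."""
    root_key, root = make_ca("Example Offline Root", timedelta(days=3650), path_length=1)
    a_key, sub_a = make_ca("Cloud A Issuing CA", timedelta(days=30), 0, issuer=(root_key, root))
    _, sub_b = make_ca("Cloud B Issuing CA", timedelta(days=30), 0, issuer=(root_key, root))
    wl_key, csr = workload_request("spiffe://example.corp/cloud-a/payments")
    leaf = issue_workload_cert(a_key, sub_a, csr, "spiffe://example.corp/cloud-a/payments")
    d_key, deleg = make_ca("Unauthorised Sub-Sub CA", timedelta(days=30), 0, issuer=(a_key, sub_a))
    leaf2 = issue_workload_cert(d_key, deleg, csr, "spiffe://example.corp/cloud-a/payments")
    _, rogue = make_ca("Self-Signed Workload", timedelta(days=1), None)  # option D style
    later = datetime.now(timezone.utc) + WORKLOAD_TTL + timedelta(minutes=5)
    return {
        "key_generated_locally": leaf.public_key().public_numbers() == wl_key.public_key().public_numbers(),
        "chain_ok": verify_chain(leaf, [sub_a], root),
        "cloud_b_ca_chains_to_root": verify_chain(sub_b, [], root),
        "wrong_intermediate_rejected": not verify_chain(leaf, [sub_b], root),
        "expired_after_ttl": not verify_chain(leaf, [sub_a], root, now=later),
        "delegation_blocked_by_path_len": not verify_chain(leaf2, [deleg, sub_a], root),
        "self_signed_rejected": not verify_chain(rogue, [], root),
    }
```

Running `demo()` returns `True` for every entry: the leaf carries the key generated on the host, chains through its own cloud's subordinate to the root, is rejected with the wrong intermediate, expires once the TTL passes (which is what makes minute-scale rotation workable without leaning on revocation for routine cases), cannot be extended by a subordinate trying to delegate further because the root capped it with `path_length=0`, and a self-signed per-workload certificate fails because nothing ties it to the pinned root. Constraints on the listed legacy systems, centralized revocation and trust-state reporting sit outside this snippet.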