ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company must exchange sensitive research data with several external partners. The partners propose using their existing PGP keypairs, which they mutually sign and distribute. Your security architect instead recommends issuing X.509 certificates to all parties from the organization's AWS Private CA, following a traditional CA hierarchy. When evaluating these two approaches, which statement correctly identifies a fundamental difference between a PGP-style Web of Trust (WoT) and a hierarchical PKI?
Hierarchical PKI lacks any formal revocation capabilities, while a Web of Trust provides universally recognized certificate revocation lists.
A Web of Trust depends on a central registration authority to distribute certificates, whereas a hierarchical PKI relies on peer-to-peer key signing between users.
In a Web of Trust, users build trust by directly signing each other's keys, eliminating the need for a central certificate authority that is fundamental to a hierarchical PKI.
Hierarchical PKI cannot scale to large user communities, but a Web of Trust does so automatically through built-in path discovery and validation.
A Web of Trust such as that used by PGP is decentralized: each user decides which public keys to trust based on signatures from other users, so no single certificate authority (CA) is required. By contrast, a hierarchical PKI depends on one or more trusted CAs at the root and intermediate levels to vouch for the binding between identities and keys. Therefore, WoT establishes trust through peer endorsements, whereas hierarchical PKI relies on central CAs. The other statements invert or mischaracterize the models: WoT does not depend on central registration authorities, hierarchical PKI supports certificate revocation lists while WoT typically lacks a standardized global revocation mechanism, and hierarchical PKI is generally designed to scale via certificate chains, while WoT's manual trust decisions can become unwieldy at large scale.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between a Web of Trust and hierarchical PKI?
Open an interactive chat with Bash
How does certificate revocation work in a hierarchical PKI compared to Web of Trust?
Open an interactive chat with Bash
What role does AWS Private CA play in hierarchical PKI?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .