ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company operates several internal web apps that use TLS certificates issued by the organization's private PKI. A new group of Windows 10 laptops will be shipped to remote employees who will connect through a VPN. To avoid browser trust warnings and minimize manual effort, which approach MOST effectively ensures every laptop automatically trusts the internal certification hierarchy as soon as the device joins the domain?
Post the root certificate on the company intranet portal and ask users to download and add it to their browser's trusted certificate list after connecting via VPN.
Configure browsers on the laptops to bypass certificate validation for any domain ending with the company's internal DNS suffix.
Email each user a password-protected PFX file containing the root certificate and instruct them to import it manually before accessing any internal site.
Create a Group Policy object that automatically deploys the organization's root and intermediate CA certificates to the Trusted Root Certification Authorities store when domain-joined devices refresh policy.
Distributing the organization's root (and any intermediate) CA certificates through an Active Directory Group Policy object (GPO) leverages automatic certificate enrollment. When the laptop first authenticates to the domain-whether on-premises or through a VPN-the GPO applies and silently places the CA certificates into the local Trusted Root Certification Authorities store. This guarantees that all enterprise-issued TLS certificates are trusted without requiring end-user action or weakening security. Manually emailing PFX files or posting certificates on an intranet relies on user action and lacks centralized control. Disabling certificate validation removes an essential security control and is not acceptable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Private PKI?
Open an interactive chat with Bash
What is Group Policy in Active Directory?
Open an interactive chat with Bash
What are Trusted Root Certification Authorities?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .