During an external reconnaissance engagement, a penetration tester queries the certificate-transparency site crt.sh for all certificates issued to the client's primary domain. The search returns several recently issued wildcard certificates that the client's security team states were never requested. Which of the following statements BEST describes the type of publicly accessible data source the tester used to discover these suspicious certificates?
They are open ledgers that track legitimate domain certificates to uncover potential misissuances.
They are distributed records compiling updates about cryptographic algorithm usage.
They are secured documents that record attempts to gain unauthorized entry to a network.
They are privately held lists of user accounts that detail privilege changes over time.
Certificate-transparency logs form an open, append-only ledger of TLS certificates submitted by certificate authorities. Because anyone can query the logs, defenders and testers can look for unexpected or fraudulent certificates issued for their domains. The correct choice highlights the public, ledger-style nature of CT logs and their role in detecting misissuance. The distractors describe private account lists, registries of cryptographic-algorithm changes, and incident documents, none of which provide organization-wide visibility into newly issued domain certificates.