CompTIA Linux+ XK0-006 (V8) Practice Question

The correct command is curl -k https://dev-server/config.txt. The -k or --insecure option for curl explicitly allows connections to SSL sites without verifying the certificate. This is suitable for a trusted internal development environment where a self-signed certificate is common and the immediate goal is to access a file, not to establish a permanent, secure connection.

• openssl s_client -connect dev-server:443 -showcerts is a diagnostic tool used to connect to an SSL/TLS server and display its certificate chain; it does not download the file itself.
• update-ca-certificates is a command used on Debian-based systems to update the system's trusted CA certificate store. While this is part of the proper long-term solution (adding the self-signed certificate's CA to the trust store), it is more complex than needed for a quick, one-time test and requires root privileges.
• certutil -A -n "dev-server" -t "P,," -d sql:$HOME/.pki/nssdb -i dev-server.crt is a command for adding a certificate to the NSS database, which is used by applications like Firefox. It is not the most direct method for making curl trust a certificate for a single execution and is more complex than necessary for the described task.