CISSP Domain 3: PKI, TLS & Crypto Attacks (2026)

On the CISSP, the Registration Authority verifies your identity but the Certificate Authority is the one that issues and signs the certificate - and that single distinction decides a cluster of exam points. This Domain 3 deep-dive walks Public Key Infrastructure end to end, then how TLS and IPsec actually deploy those keys, and finally the cryptanalytic attacks and the post-quantum threat the 2026 exam now expects you to know. With Grace, Erica, Nova, and Fenrir, we cover the applied-crypto half of Domain 3 and the question-reading habits that turn ‘BEST’ and ‘MOST’ scenarios into a fast, defensible answer.

In this video:

• CA versus RA: who verifies identity and who issues the certificate
• The X.509 certificate and how trust chains up to a root CA
• CRL versus OCSP: the revocation distinction the exam loves
• Key escrow, M-of-N recovery, and why you never escrow signing keys
• The TLS handshake and IPsec AH versus ESP, transport versus tunnel
• Named cryptanalytic attacks, rainbow tables versus salting, and post-quantum crypto

The next video moves into site and facility security: fire, HVAC, power, and the data center as a control. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024, covering objectives 3.6 and 3.7.

▶ Watch next: CISSP Domain 3: Data Center Fire, HVAC & Power https://www.youtube.com/watch?v=B0K18p13R6k

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi