shieldCISSP Practice Domain 3 — Security Architecture and Engineering Q68 of 120

What does a digital certificate primarily bind?

A CISSP practice question covering Domain 3: Security Architecture and Engineering. Try answering before reading the explanation below.

▶ Show options & answer

A user's password to a username

A public key to an identity, signed by a trusted CA

✓ Correct answer

A symmetric key to a session

An IP address to a MAC address

Why "A public key to an identity, signed by a trusted CA" is the right answer

X.509 certificates cryptographically bind a public key to an identity attested by a Certificate Authority. Symmetric session keys are negotiated separately (e.g., via TLS handshake). The other options describe authentication and ARP.

Study videos for this topic

Want to go deeper on Domain 3? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 3: Bell-LaPadula vs Biba (No More Mix-Ups)

Domain 3 — Security Architecture and Engineering

CISSP Domain 3: TPM, Reference Monitor, and TCB

Domain 3 — Security Architecture and Engineering

CISSP Domain 3: Cloud, ICS, IoT & Container Vulnerabilities

Domain 3 — Security Architecture and Engineering

CISSP Crypto: Which Key for Privacy vs Signing?

Domain 3 — Security Architecture and Engineering

Take the full CISSP practice test

120 questions, instant explanations, study-video links on every miss. No account.

Start full test →

What does a digital certificate primarily bind?

Study videos for this topic

Other practice tests