Which of the following statements are correct about the PKI system structure?

Explanation From HCIA-Security documents:

All four statements describe standard PKI roles and structure. A PKI entity is any certificate holder or relying participant that uses PKI services, which includes people, organizations, network devices, servers, and even application processes, so A is correct. PKI trust is commonly built using a CA hierarchy, where the root CA anchors trust and subordinate CAs issue certificates under the root’s authority, so B is correct. The CA is the core trusted component that signs (issues) certificates and manages their lifecycle activities such as renewal, suspension or revocation publication, and certificate status services, so C is correct. In many enterprise implementations, the PKI system is presented as three major roles: entities that request/use certificates, the RA that performs identity verification and approval of requests, and the CA that issues certificates based on validated requests, so D is also correct.