CompTIA Security Plus Mock Test Q1075

Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has been revoked. Which of the following is the name of the database repository for these certificates?

A. CSR
B. OCSP
C. CA
D. CRL


Correct Answer: D
Section: Cryptography

Explanation:
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.

Incorrect Answers:
A: A CSR is a request to a CA, not a database of revoked certificates.
One of the first steps in getting a certificate is to submit a certificate-signing request (CSR). This is a request formatted for the CA. This request will have the public key you wish to use and your fully distinguished name (often a domain name). The CA will then use this to process your request for a digital certificate.
B: OCSP is a protocol, not a database.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
C: A CA is not a database for revoked certificates, though the CRL is stored on the CA.
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 285