CompTIA Security Plus Mock Test Q1079

A CRL is comprised of.

A. Malicious IP addresses.
B. Trusted CA’s.
C. Untrusted private keys.
D. Public keys.


Correct Answer: D
Section: Cryptography

Explanation:
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.
By checking the CRL you can check if a particular certificate has been revoked.
The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.

Incorrect Answers:
A: The CRL contains certificates and keys, not IP addresses.
B: Trusted CAs are not listed in the CRL.
C: Public keys, not private keys, might be included in the CRL.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 278-285, 279-280, 285