CompTIA Security Plus Mock Test Q1081

Which of the following provides a static record of all certificates that are no longer valid?

A. Private key
B. Recovery agent
C. CRLs
D. CA


Correct Answer: C
Section: Cryptography

Explanation:
The CRL (certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user.

Incorrect Answers:
A: A private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. A private key cannot provide a list of invalid certificates.
B: A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. A recovery agent does not provide a list of invalid certificates.
D: A certificate authority (CA) is an organization, not a static record containing certificates. A CA is responsible for issuing, revoking, and distributing certificates.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 271-285, 285