CompTIA Security Plus Mock Test Q1083

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid?

A. Bank’s CRL
B. Bank’s private key
C. Bank’s key escrow
D. Bank’s recovery agent

Correct Answer: A
Section: Cryptography

The finance department can check if any of the bank’s certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid.
The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the
reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.

Incorrect Answers:
B: Within PKI there are only two methods to verify certificates or keys still are valid. One is using a CRL and the other is using the OCSP protocol. Private key verification cannot be
used to a comprised CA.
C: Key escrow cannot be used to check if a certification is revoked or not.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could
also be an employer if an employee’s private messages have been called into question.
D: A recovery agent cannot be used to check if certificates are still valid.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285