CompTIA Security Plus Mock Test Q1084

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

A. OCSP
B. PKI
C. CA
D. CRL


Correct Answer: D
Section: Cryptography

Explanation:
A certificate revocation list (CRL) is a locally stored record containing revoked certificates and revoked keys.

Incorrect Answers:
A: OCSP is a protocol, not a database.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
B: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
Within a PKI, you can use a CRL to meet the requirements in this question.
C: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You don’t use a CA to store revoked certificates.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 279-285, 285