CompTIA Security Plus Mock Test Q1086

Which of the following identifies certificates that have been compromised or suspected of being compromised?

A. Certificate revocation list
B. Access control list
C. Key escrow registry
D. Certificate authority

Correct Answer: A
Section: Cryptography

Explanation:
Certificates that have been compromised or are suspected of being compromised are revoked.
A certificate revocation list (CRL) is a locally stored record containing revoked certificates and revoked keys.

Incorrect Answers:
B: Access control lists (ACLs) enable devices in your network to ignore requests from specified users or systems or to grant them access to certain network capabilities. ACLs cannot be used for certificates or keys.
C: Key escrow is not related to revoked certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.
D: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You don’t use a CA to store revoked certificates.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 156-157, 262, 279-280, 285