CompTIA Security Plus Mock Test Q1087

When employees that use certificates leave the company they should be added to which of the following?

A. PKI
B. CA
C. CRL
D. TKIP

Correct Answer: C
Section: Cryptography

Explanation:
The certificates of the leaving employees must be made unusable. This is done by revoking them. The revoke certificates end up in the CRL.
Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with
the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.

Incorrect Answers:
A: You can’t add revoked certificates to a PKI.
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
B: You can’t add revoked certificates to a CA.
D: TKIP is a wireless protocol and cannot manage certificates.
Temporal Key Integrity Protocol or TKIP was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group
and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 279-280, 279-285, 285