CompTIA Security Plus Mock Test Q1088

Which of the following should a security technician implement to identify untrusted certificates?

A. CA
B. PKI
C. CRL
D. Recovery agent

Correct Answer: C
Section: Cryptography

Explanation:
Untrusted certificates and keys are revoked and put into the CRL.
Note: The CRL (certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included.

Incorrect Answers:
A: A certificate authority (CA) is an organization, not a static record containing certificates. A CA is responsible for issuing, revoking, and distributing certificates.
B: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Within a PKI you can use a CRL to meet the requirements in this question.
D: A recovery agent cannot be used to check if certificates are still valid.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-280, 279-285, 285