CompTIA Security Plus Mock Test Q1090

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO).

A. Revoke the digital certificate
B. Mark the key as private and import it
C. Restore the certificate using a CRL
D. Issue a new digital certificate
E. Restore the certificate using a recovery agent

Correct Answer: A,D
Section: Cryptography

Explanation:
The user’s certificate must be revoked to ensure that the stolen computer cannot access resources the user has had access to.
To grant the user access to the resources he must be issued a new certificate.

Incorrect Answers:
B: Within a PKI there is no meaningful procedure that marks and import a key.
C: The certificate needs to be revoked, not to be restored.
CRLs are used to store revoked certificates and signatures. CRLs are not used to restore certificates.
E: Restore the certificate using a recovery agent

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285