CompTIA Security Plus Mock Test Q1091

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”?

A. CRL
B. PKI
C. OCSP
D. RA


Correct Answer: C
Section: Cryptography

Explanation:
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is ‘good’, ‘revoked’, or
‘unknown’. If it cannot process the request, it may return an error code.

Incorrect Answers:
A: CRL is not a protocol. CRL is a database which contains revoked certificates and keys.
B: A PKI is not a protocol.
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
D: A registration authority (RA) is not a protocol.
An RA offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and validate identities.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol