CompTIA Security Plus Mock Test Q453

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

A. The certificate will be added to the Certificate Revocation List (CRL).
B. Clients will be notified that the certificate is invalid.
C. The ecommerce site will not function until the certificate is renewed.
D. The ecommerce site will no longer use encryption.

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request.

Incorrect Answers:
A: Revocation occurs prior to expiration and not vice versa.
C: Expired certificates are not the same as a site ceasing to function; it is access that is the issue.
D: No longer using encryption would be impractical for an ecommerce webserver.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 285