nerdexam
(ISC)2

CISSP-ISSAP · Question #144

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which of the fol

The correct answer is C. Certificate Revocation List. Option C (Certificate Revocation List) is correct because a CRL is specifically the PKI mechanism designed to publish a list of certificates that have been suspended or revoked before their expiration date - allowing relying parties to check whether a certificate is still trustwo

Infrastructure Security

Question

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which of the following components does the PKI use to list those certificates that have been revoked or are no longer valid? (ISC)2 CISSP-ISSAP Exam

Options

  • ACertification Practice Statement
  • BCertificate Policy
  • CCertificate Revocation List
  • DCertification Authority

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    7% (2)
  • C
    90% (26)

Explanation

Option C (Certificate Revocation List) is correct because a CRL is specifically the PKI mechanism designed to publish a list of certificates that have been suspended or revoked before their expiration date - allowing relying parties to check whether a certificate is still trustworthy.

  • Option A (Certification Practice Statement) is wrong - a CPS is a detailed document describing how a Certificate Authority (CA) operates and its practices for issuing certificates; it's a policy/operational document, not a revocation list.
  • Option B (Certificate Policy) is wrong - a CP defines the rules governing the issuance and use of certificates (e.g., acceptable use cases and assurance levels); it's a governance document, not a revocation mechanism.
  • Option D (Certification Authority) is wrong - the CA is the trusted entity that issues and signs certificates; it manages the PKI but is not itself the list of revoked certificates (though it does publish the CRL).

Memory tip: Think of a CRL like a "hotel do-not-rent list" - before you trust a guest (certificate), you check the list to see if they've been kicked out early. The acronym CRL = Certificate Revoked List (slightly simplified) makes it self-describing on the exam.

Topics

#Certificate Revocation List#PKI Components#Digital Certificates#Cryptography

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice