CISSP-ISSAP · Question #80
Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose two.
The correct answer is B. A private key C. A public key. A CRL is digitally signed by the Certificate Authority (CA) using its private key, which authenticates the list's integrity and origin - making B correct. The public key is also relevant because a CRL tracks the revocation status of certificates, each of which contains a subject'
Question
Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose two.
Options
- AA foreign key
- BA private key
- CA public key
- DA primary key
How the community answered
(41 responses)- A7% (3)
- B88% (36)
- D5% (2)
Explanation
A CRL is digitally signed by the Certificate Authority (CA) using its private key, which authenticates the list's integrity and origin - making B correct. The public key is also relevant because a CRL tracks the revocation status of certificates, each of which contains a subject's public key, and the CA's public key is required by relying parties to verify the CRL's signature - making C correct. Options A (foreign key) and D (primary key) are relational database concepts that have no meaning in the context of PKI or cryptography, making them clearly incorrect distractors designed to test whether you're confusing domains.
Memory tip: Think "PKI uses P-keys" - Private key signs the CRL (proving it came from the CA), and Public key is what the revoked certificates contain and what verifies the CRL. If you see "foreign" or "primary" keys in a PKI question, they're always database red herrings.
Topics
Community Discussion
No community discussion yet for this question.