NGFW-ENGINEER · Question #105
NGFW-ENGINEER Question #105: Real Exam Question with Answer & Explanation
Sign in or unlock NGFW-ENGINEER to reveal the answer and full explanation for question #105. The question stem and answer options stay visible for context.
Question
An administrator is designing a public key infrastructure (PKI) integration for a large-scale deployment with thousands of users authenticating via client certificates. A key design goal is to ensure that certificate revocation status is checked efficiently with minimal impact on firewall performance and minimal delay for the connecting user. What is the primary advantage of using the Online Certificate Status Protocol (OCSP) instead of certificate revocation lists (CRLs) in this scenario?
Options
- AOCSP allows the firewall to act as its own certificate authority (CA), and it simplifies certificate
- BOCSP provides real-time status for a certificate on demand, is more scalable, and uses less
- COCSP is an older, more widely supported protocol than CRLs. ensuring compatibility with all client
- DOCSP bundles all certificate statuses into a single, digitally signed file for faster downloads by the
Unlock NGFW-ENGINEER to see the answer
You've previewed enough free NGFW-ENGINEER questions. Unlock NGFW-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.