nerdexam
ExamsSY0-301Questions#22
CompTIA

SY0-301 · Question #22

SY0-301 Question #22: Real Exam Question with Answer & Explanation

The correct answer is D: Public keys.. A Certificate Revocation List (CRL) is a list published by a Certificate Authority (CA) that contains digital certificates that have been revoked before their expiration date. Digital certificates bind an identity to a public key, so a CRL is effectively a list of public keys (vi

Question

A CRL is comprised of:

Options

  • AMalicious IP addresses.
  • BTrusted CA's.
  • CUntrusted private keys.
  • DPublic keys.

Explanation

A Certificate Revocation List (CRL) is a list published by a Certificate Authority (CA) that contains digital certificates that have been revoked before their expiration date. Digital certificates bind an identity to a public key, so a CRL is effectively a list of public keys (via their associated certificates) that are no longer trusted. When a client encounters a certificate, it checks the CRL to verify the certificate has not been revoked. The other options are incorrect: CRLs do not contain malicious IP addresses (that would be a blocklist), trusted CAs (that is a trust store), or untrusted private keys (private keys are never distributed publicly).

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice