CompTIA
SY0-301 Question #467: Real Exam Question with Answer & Explanation
The correct answer is D: CRL.
Question
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
Options
- A. OCSP
- B. PKI
- C. CA
- D. CRL
Explanation
A Certificate Revocation List (CRL) is a locally downloadable, CA-signed list of revoked certificate serial numbers, making it the correct service for maintaining a local revocation record.
Common mistakes.
- A. OCSP (Online Certificate Status Protocol) provides real-time certificate revocation status by querying an online responder and does not produce or store a local revocation record.
- B. PKI (Public Key Infrastructure) is the overarching framework of policies, hardware, software, and procedures for managing digital certificates, not a specific revocation record or service.
- C. A Certificate Authority (CA) is the entity that issues and signs certificates; while it publishes CRLs, the CA itself is not the locally stored record used to enumerate revoked certificates.
Concept tested. Certificate Revocation List for local certificate revocation tracking