CompTIA

SY0-301 · Question #746

The correct answer is A: It should be kept public. The Certificate Revocation List must be publicly accessible so that relying parties can verify whether a certificate has been revoked before trusting it.

Question

Which of the following is true about the CRL?

Options

  • A. It should be kept public
  • B. It signs other keys
  • C. It must be kept secret
  • D. It must be encrypted

Explanation

The Certificate Revocation List must be publicly accessible so that relying parties can verify whether a certificate has been revoked before trusting it.

Common mistakes.

  • B. Signing keys is the role of the Certificate Authority (CA), not the CRL; the CRL only lists revoked certificate serial numbers.
  • C. Keeping the CRL secret would defeat its purpose, as relying parties must be able to download and consult it to verify certificate validity.
  • D. The CRL does not require encryption because it is a publicly accessible, CA-signed document; its integrity is protected by the CA's digital signature, not encryption.

Concept tested. Certificate Revocation List public availability and purpose

Reference. https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-cdp-and-aia-extensions-on-ca1
