nerdexam
ExamsSY0-301Questions#866
CompTIA

SY0-301 · Question #866

SY0-301 Question #866: Real Exam Question with Answer & Explanation

The correct answer is D: CRL. A CRL (Certificate Revocation List) is a list published by a Certificate Authority (CA) that contains certificates that have been revoked before their expiration date. If a certificate is lost, it should be revoked and added to the CRL so that relying parties know not to trust it

Question

Which of the following digital certificate management practices will ensure that a lost certificate is not compromised?

Options

  • AKey escrow
  • BNon-repudiation
  • CRecovery agent
  • DCRL

Explanation

A CRL (Certificate Revocation List) is a list published by a Certificate Authority (CA) that contains certificates that have been revoked before their expiration date. If a certificate is lost, it should be revoked and added to the CRL so that relying parties know not to trust it - preventing it from being used maliciously if found. Key escrow stores copies of private keys with a trusted third party (for recovery, not revocation). Non-repudiation ensures actions can be attributed to a party and cannot be denied. A recovery agent is used to decrypt data when a user's key is lost, not to prevent a compromised certificate from being used.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice
Which of the following digital certificate management practices... | SY0-301 Q#866 Answer | NerdExam