Implementing Cisco Secure Access Solutions (SISAS, legacy) — Question 43

When using CA for identity source, which method can be used to provide real-time certificate validation?

Answer options

• A. X.509
• B. PKI
• C. OCSP
• D. CRL

Correct answer: D

Explanation

The correct answer is D, CRL (Certificate Revocation List), as it provides a list of certificates that have been revoked and are no longer valid. While OCSP (Option C) also offers real-time validation, CRL is specifically mentioned as the method in this context. X.509 (Option A) and PKI (Option B) are frameworks and standards for managing certificates but do not directly provide real-time validation.