CompTIA CASP+ (CAS-004) — Question 151

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Answer options

• A. Deploy an RA on each branch office.
• B. Use Delta CRLs at the branches.
• C. Configure clients to use OCSP.
• D. Send the new CRLs by using scheduled jobs.

Correct answer: B

Explanation

The best solution is to use Delta CRLs at the branches because they provide only the changes since the last full CRL, significantly reducing traffic and resource usage. Deploying an RA at each branch (Option A) would not be as efficient or low power as Delta CRLs. Configuring clients to use OCSP (Option C) may not address the need for branches to regularly receive updates about revoked certificates. Sending CRLs via scheduled jobs (Option D) could lead to outdated information being used until the next scheduled job runs.