CompTIA CASP+ (CAS-004) — Question 49
A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?
Answer options
- A. HSTS
- B. CRL
- C. CSRs
- D. OCSP
Correct answer: D
Explanation
The best approach to check if a private key has been compromised is using OCSP (Online Certificate Status Protocol), as it allows real-time verification of the status of the certificate associated with the key. HSTS (HTTP Strict Transport Security) does not relate to key compromise, while CRL (Certificate Revocation List) and CSRs (Certificate Signing Requests) do not provide immediate status updates like OCSP does.