CompTIA CASP+ (CAS-004) — Question 539
A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?
Answer options
- A. HSTS
- B. PKI
- C. CSRs
- D. OCSP
Correct answer: D
Explanation
The correct answer is D, OCSP (Online Certificate Status Protocol), which allows the analyst to check the revocation status of a digital certificate in real-time, indicating if the private key associated with it has been compromised. The other options, such as HSTS, PKI, and CSRs, do not provide a direct method for checking the compromise status of a private key.