CompTIA CASP+ (CAS-004) — Question 625

Multiple users have reported that an internal website's status is listed as insecure because the TLS certificate has expired. Although a new certificate was generated, this issue has become a common occurrence throughout the year for multiple websites. Which of the following best prevents recurrence of this issue?

Answer options

• A. OCSP responder
• B. Life-cycle management
• C. Wildcard certificates
• D. Certificate pinning

Correct answer: B

Explanation

Life-cycle management is the best approach to prevent the recurrence of expired TLS certificates, as it involves monitoring and renewing certificates proactively before they expire. The other options, such as OCSP responders and certificate pinning, do not address the underlying issue of certificate expiration management, while wildcard certificates are used for multiple subdomains but do not inherently prevent expiration issues.