CompTIA Security+ (SY0-501) — Question 153

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable.
Which of the following MUST be implemented to support this requirement?

Answer options

• A. CSR
• B. OCSP
• C. CRL
• D. SSH

Correct answer: C

Explanation

The correct answer is C, CRL (Certificate Revocation List), which allows the application to check a list of revoked certificates without needing internet access. Options A (CSR) and D (SSH) are not related to certificate validation, while B (OCSP) requires internet connectivity to check the status of certificates.