CompTIA Security+ (SY0-501) — Question 167
An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance.
Which of the following should the security analyst recommend in lieu of an OCSP?
Answer options
- A. CSR
- B. CRL
- C. CA
- D. OID
Correct answer: B
Explanation
The correct answer is B, CRL (Certificate Revocation List): it provides a list of revoked certificates that can be checked periodically rather than repeatedly querying OCSP, which reduces network load. Options A (CSR) and C (CA) are not alternatives to OCSP: a CSR is a certificate signing request, and a CA is the authority that issues certificates. Option D (OID) refers to Object Identifiers, which do not serve the purpose of revocation checking.