CompTIA Security+ (SY0-501) — Question 237
A security administrator receives an alert from a third-party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows there are at least four different browsers in use on more than a thousand computers in the domain worldwide.
Which of the following solutions would be BEST for the security administrator to implement to most efficiently assist with this issue?
Answer options
- A. SSL
- B. CRL
- C. PKI
- D. ACL
Correct answer: B
Explanation
The best solution in this scenario is to implement a Certificate Revocation List (CRL), as it allows the administrator to revoke the compromised certificate and notify the browsers of its invalid status. SSL, PKI, and ACL do not directly address the need to manage and revoke certificates that have been compromised.