CompTIA Security+ (SY0-501) — Question 26

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage.
Which of the following should be implemented?

Answer options

• A. Recovery agent
• B. Ocsp
• C. Crl
• D. Key escrow

Correct answer: C

Explanation

The correct answer is C, CRL (Certificate Revocation List), which allows a system to check the status of certificates without needing real-time internet access. Options A (Recovery agent) and D (Key escrow) do not pertain to certificate validation, while option B (Ocsp) requires an active internet connection to verify certificate status, making it unsuitable for the scenario described.