CompTIA Security+ (SY0-501) — Question 264

While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid.
Which of the following is the BEST way to check if the digital certificate is valid?

Answer options

• A. PKI
• B. CRL
• C. CSR
• D. IPSec

Correct answer: B

Explanation

The correct answer is B, CRL (Certificate Revocation List), which is used to check if a digital certificate has been revoked. PKI (A) refers to the overall framework for managing digital certificates but does not directly validate a specific certificate. CSR (C) stands for Certificate Signing Request, used to request a certificate, and IPSec (D) is a protocol suite for securing internet protocol communications, which does not pertain to certificate validation.