CompTIA Security+ (SY0-501) — Question 482

The Chief Information Officer (CIO) has determined the company's new PKI will not use OCSP. The purpose of OCSP still needs to be addressed. Which of the following should be implemented?

Answer options

• A. Build an online intermediate CA.
• B. Implement a key escrow.
• C. Implement stapling.
• D. Install a CRL.

Correct answer: B

Explanation

Implementing a key escrow (Option B) is the correct solution as it allows for the secure storage of cryptographic keys, facilitating recovery and access without OCSP. The other options do not directly address the need for real-time certificate validation or recovery mechanisms in the absence of OCSP, making them less suitable for this scenario.