CompTIA Security+ (SY0-501) — Question 569

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

Answer options

• A. RA
• B. OCSP
• C. CRI
• D. CSR

Correct answer: B

Explanation

The Online Certificate Status Protocol (OCSP) is designed for fast and efficient checking of certificate revocation status, making it the best choice for quick verification. In contrast, RA (Registration Authority) and CSR (Certificate Signing Request) are not used for checking revocation, while CRI (Certificate Revocation List) is typically slower since it requires downloading and checking against a list rather than querying a server directly.