CompTIA Security+ (SY0-501) — Question 761
A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?
Answer options
- A. OCSP
- B. CSR
- C. Key escrow
- D. CA
Correct answer: A
Explanation
The correct answer is OCSP (Online Certificate Status Protocol), which allows real-time verification of certificate validity without downloading a complete CRL. The other options do not address certificate validity verification: a CSR (Certificate Signing Request) is for requesting a certificate, key escrow is about storing keys securely, and a CA (Certificate Authority) is the entity that issues certificates.