CompTIA Security+ (SY0-601) — Question 481

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

Answer options

• A. RA
• B. OCSP
• C. CRL
• D. CSR

Correct answer: C

Explanation

The correct answer is C, CRL (Certificate Revocation List), as it provides a list of revoked certificates that can be checked offline, making it suitable for an offline facility. OCSP (B) requires online access to check the status of a certificate in real-time, which is not feasible here. RA (A) and CSR (D) are not relevant to checking certificate validity or revocation status.