CompTIA Security+ (SY0-601) — Question 654

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

Answer options

• A. Updating the CRL
• B. Patching the CA
• C. Changing passwords
• D. Implementing SOAR

Correct answer: A

Explanation

Updating the CRL is crucial as it ensures that revoked certificates are no longer trusted, which directly addresses the exploited flaw. Patching the CA, changing passwords, and implementing SOAR are important security measures but do not specifically resolve the immediate issue related to the compromised certificates.