CompTIA Security+ (SY0-601) — Question 656

A security analyst is reviewing a secure website that is generating TLS certificate errors. The analyst determines that the browser is unable to receive a response from the OCSP for the certificate. Which of the following actions would most likely resolve the issue?

Answer options

• A. Run a traceroute on the OCSP domain to find where the domain is failing.
• B. Create an exclusion for the OCSP domain in the content filter
• C. Unblock the OCSP protocol in the host-based firewall
• D. Add the root certificate to the trusted sites on the workstation with the issue.

Correct answer: C

Explanation

The correct answer is C because unblocking the OCSP protocol in the host-based firewall allows the browser to communicate with the OCSP server and receive the necessary certificate status information. Option A may help in diagnosing the issue but does not resolve it. Option B could prevent legitimate traffic from reaching the OCSP server, and option D does not address the communication issue with the OCSP server itself.