CompTIA Security+ (SY0-601) — Question 794

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

Answer options

• A. SCEP
• B. OCSP
• C. CSR
• D. CRL

Correct answer: B

Explanation

The correct answer is OCSP, which stands for Online Certificate Status Protocol, allowing real-time verification of a certificate's status. SCEP (A) is used for certificate enrollment, CSR (C) is a Certificate Signing Request, and CRL (D) is a list of revoked certificates but does not provide real-time status updates.