CompTIA Security+ (SY0-701) — Question 256

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

Answer options

• A. Updating the CRL
• B. Patching the CA
• C. Changing passwords
• D. Implementing SOAR

Correct answer: A

Explanation

Updating the CRL is essential to remove any compromised certificates from circulation, which directly addresses the vulnerability exploited during the test. While patching the CA and changing passwords are important security measures, they do not specifically resolve the immediate issue of the compromised certificates. Implementing SOAR, while beneficial for overall security management, does not directly remediate the specific PKI flaw that was exploited.