When employees that use certificates leave the company they should be added to which of the
following?

A.
PKI

B.
CA

C.
CRL

D.
TKIP

Explanation:
The certificates of the leaving employees must be made unusable. This is done by revoking them. The
revoke certificates end up in the CRL.
Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with
digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation.
The dates of certificate issue, and the entities that issued them, are also included. In addition, each list
contains a proposed date for the next release.
Incorrect Answers:
A: You can’t add revoked certificates to a PKI.
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed
to create, manage, distribute, use, store, and revoke digital certificates.
B: You can’t add revoked certificates to a CA.
D: TKIP is a wireless protocol and cannot manage certificates.
Temporal Key Integrity Protocol or TKIP was a stopgap security protocol used in the IEEE 802.11 wireless
networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an
interim solution to replace WEP without requiring the replacement of legacy hardware.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 171, 279-280, 279-285, 285