When employees that use certificates leave the company they should be added to which of the following?

A.
PKI

B.
CA

C.
CRL

D.
TKIP

Explanation:
The certificates of the leaving employees must be made unusable. This is done by revoking them. The revoke certificates end up in the CRL.
Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked
certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains
a proposed date for the next release.
Incorrect Answers:
A: You can’t add revoked certificates to a PKI.
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital
certificates.
B: You can’t add revoked certificates to a CA.
D: TKIP is a wireless protocol and cannot manage certificates. Temporal Key Integrity Protocol or TKIP was a stopgap security protocol used in the IEEE 802.11
wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring
the replacement of legacy hardware.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 279-280, 279-285, 285