Which of the following identifies certificates that have been compromised or suspected of being compromised?

A.
Certificate revocation list

B.
Access control list

C.
Key escrow registry

D.
Certificate authority

Explanation:
Certificates that have been compromised or are suspected of being compromised are revoked. A CRL is a locally stored record containing revoked certificates and

revoked keys.
Incorrect Answers:
B: Access control lists (ACLs) enable devices in your network to ignore requests from specified users or systems or to grant them access to certain network
capabilities. ACLs cannot be used for certificates or keys.
C: Key escrow is not related to revoked certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are
held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is
generally the government, but it could also be an employer if an employee’s private messages have been called into question.
D: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You don’t use a CA to store revoked certificates.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 156-157, 262, 279-280, 285