Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”?

A.
CRL

B.
PKI

C.
OCSP

D.
RA

Explanation:
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is ‘good’,
‘revoked’, or ‘unknown’. If it cannot process the request, it may return an error code.
Incorrect Answers:
A: CRL is not a protocol. CRL is a database which contains revoked certificates and keys.
B: A PKI is not a protocol.
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital
certificates.
D: A registration authority (RA) is not a protocol.
An RA offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and
validate identities.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-285, 285
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol