Which of the following should a security technician implement to identify untrusted certificates?

A.
CA

B.
PKI

C.
CRL

D.
Recovery agent

Explanation:
Untrusted certificates and keys are revoked and put into the CRL. Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers
paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities
that issued them, are also included.
Incorrect Answers:
A: A certificate authority (CA) is an organization, not a static record containing certificates. A CA is responsible for issuing, revoking, and distributing certificates.
B: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke
digital certificates. Within a PKI you can use CRL to meet the requirements in this question.
D: A recovery agent cannot be used to check if certificates are still valid. A key recovery agent is an entity that has the ability to recover a key, key components, or
plaintext messages as needed.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-280, 279-285, 285