PrepAway - Latest Free Exam Questions & Answers

Which of the following statements are true about OCSP and CRL?

Which of the following statements are true about OCSP and CRL?

Each correct answer represents a complete solution. Choose all that apply.

PrepAway - Latest Free Exam Questions & Answers

A.
The OCSP checks certificate status in real time

B.
The CRL is a list of subscribers paired with digital certificate status.

C.
The main limitation of CRL is the fact that updates must be frequently downloaded to keep the list current.

D.
The CRL allows the authenticity of a certificate to be immediately verified.

Explanation:
Certificate Revocation List (CRL) is one of the two common methods when using a public key infrastructure for maintaining access to servers in a network. Online Certificate Status Protocol (OCSP), a newer method, has superseded CRL in some cases.

The CRL is a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason for revocation. The dates of certificate issue, and the entities that issued them, are also included. The main limitation of CRL is the fact that updates must be frequently downloaded to keep the list current OCSP overcomes this limitation by checking certificate status in real time. The OCSP allows the authenticity of a certificate to be immediately verified.


Leave a Reply