PrepAway - Latest Free Exam Questions & Answers

What happens to the certificates contained on the smart…

Suppose that you are the COMSEC (Communications Security) custodian for a large, multinational corporation.
Susie, from Finance, approaches you in the break room saying that she lost her smart ID card that she uses to
digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action?


A. They are added to the CRL

B. They are reissued to the user

C. New certificates are issued to the user

D. The user may no longer have certificates

Explanation:

A certificate that is no longer trusted should be revoked.

The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person.

An analogy for the use of a CRL is how a driver’s license is used by a police officer. If an officer pulls over Sean for speeding, the officer will ask to see Sean’s license. The officer will then run a check on the license to find out if Sean is wanted for any other infractions of the law and to verify the license has not expired. The same thing happens when a person compares a certificate to a CRL. If the certificate became invalid for some reason, the CRL is the mechanism for the CA to let others know this information.

Incorrect Answers:

B: The certificates contained on the smart card should be revoked to invalidate the certificates. They should not be reissued; new certificates (with a different key) should be issued.

C: New certificates (containing new keys) should be issued to the user. However, this question is asking about the certificates stored on the lost smart card. The certificates contained on the smart card should be revoked.

D: It is not true that the user may no longer have certificates. New certificates with different keys can be issued to the user and the old certificates (the ones on the smart card) can be revoked.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 836-837

