Public key certificates and keys that are compromised or were issued fraudulently are listed on which of
the following?

A.
PKI

B.
ACL

C.
CA

D.
CRL

Explanation:
A CRL is a locally stored record containing revoked certificates and revoked keys.
Incorrect Answers:
A: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates. Within a PKI you can use
CRL to meet the requirements in this question.
B: Access control lists (ACLs) enable devices in your network to ignore requests from specified users or
systems or to grant them access to certain network capabilities. ACLs cannot be used for certificates or
keys.
C: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital
certificates. You don’t use a CA to store revoked certificates.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 156-157, 279-280, 279-285, 285