Which of the following identifies certificates that have been compromised or suspected of being
compromised?

A.
Certificate revocation list

B.
Access control list

C.
Key escrow registry

D.
Certificate authority

Explanation:
Certificates that have been compromised or are suspected of being compromised are revoked.
A CRL is a locally stored record containing revoked certificates and revoked keys.
Incorrect Answers:
B: Access control lists (ACLs) enable devices in your network to ignore requests from specified users or
systems or to grant them access to certain network capabilities. ACLs cannot be used for certificates or
keys.
C: Key escrow is not related to revoked certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of
key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as
it relates to home mortgages) and made available if that third party requests them. The third party in
question is generally the government, but it could also be an employer if an employee’s private messages
have been called into question.
D: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital
certificates. You don’t use a CA to store revoked certificates.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 156-157, 262, 279-280, 285