PrepAway - Latest Free Exam Questions & Answers

which of the following should be accessible locally from every site to ensure users with bad certificates cann

A systems administrator has implemented PKI on a classified government network. In the event that a
disconnect occurs from the primary CA, which of the following should be accessible locally from every site
to ensure users with bad certificates cannot gain access to the network?


A. A CRL

B. Make the RA available

C. A verification authority

D. A redundant CA

Explanation:
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.
By checking the CRL you can check if a particular certificate has been revoked.
Incorrect Answers:
B: Access to a registration authority (RA) is not required to check for bad certificates. A CRL will do fine.
A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman
in the process: It can distribute keys, accept registrations for the CA, and validate identities.
C: A verification authority is used to check the uniqueness of a certificate, not primarily to check for bad
certificates. The user identity must be unique within each CA domain. The third-party validation authority
(VA)/verification authority can provide this information on behalf of the CA. The binding is established
through the registration and issuance process.
D: A redundant CA is not required to check for bad certificates. A CRL will do fine.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 279-280, 285

