A company is concerned that a compromised certificate may result in a man-in-the-middle attack
against backend financial servers. In order to minimize the amount of time a compromised
certificate would be accepted by other servers, the company decides to add another validation
step to SSL/TLS connections. Which of the following technologies provides the FASTEST
revocation capability?

A.
Online Certificate Status Protocol (OCSP)

B.
Public Key Cryptography (PKI)

C.
Certificate Revocation Lists (CRL)

D.
Intermediate Certificate Authority (CA)

Explanation:
CRL (Certificate Revocation List) was first released to allow the CA to revoke certificates, however
due to limitations with this method it was succeeded by OSCP. The main advantage to OCSP is
that because the client is allowed query the status of a single certificate, instead of having to
download and parse an entire list there is much less overhead on the client and network.