You need to ensure that clients will check at least every 30 minutes as to whether a certificate
has been revoked. Which of the following should you configure to accomplish this goal?
A.
Key recovery agent
B.
CRL publication interval
C.
Delta CRL publication interval
D.
Certificate templates.
https://technet.microsoft.com/en-us/library/cc782162%28v=ws.10%29.aspx
1
0
From the link snfonseka posted:
“Using delta certificate revocation lists
CRLs can become very long on large CAs that have experienced significant amounts of certificate revocation. This can become a burden for clients to download frequently. To help minimize frequent downloads of lengthy CRLs, delta CRLs can be published. This allows the client to download the most current delta CRL and combine that with the most current base CRL to have a complete list of revoked certificates. Because the client will normally have the CRL cached locally, the use of delta CRLs can potentially improve performance.
To use delta CRLs, the client application must be aware of and explicitly use delta CRLs for revocation checking. If the client does not use delta CRLs, it will retrieve the CRL from the CA every time it refreshes its cache, regardless of whether a delta CRL exists or not. For this reason, you should verify that the intended applications use delta CRLs and configure the CA accordingly.”
This makes answer C correct.
1
0