Certificate Revocation — CompTIA Security+ (SY0-701) Practice Questions
Certificate revocation is the process of invalidating a digital certificate before its scheduled expiration when the associated private key is compromised or the certificate is no longer trustworthy. SY0-701 expects candidates to understand the two primary revocation mechanisms, the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP), including their respective advantages and limitations around timeliness and scalability. The exam may present scenarios involving OCSP stapling, soft-fail versus hard-fail revocation checking policies, and the operational risks that arise when revocation infrastructure is unavailable or ignored by clients.
Free questions on certificate revocation
A company wants to implement a public key infrastructure (PKI) solution. Which component is responsible for issuing and revoking digital certificates?
Free question · easy · full answer + explanation
More certificate revocation questions in the full bank
- Code signing certificates are revoked when a publisher's private key is compromised. How do users know a certificate has been revoked? Unlock answer & explanation →
- A certificate revocation list (CRL) is used to identify which status? Unlock answer & explanation →