A company wants to implement a public key infrastructure (PKI) solution. Which component is responsible for issuing and revoking digital certificates?

  1. Certificate Authority (CA) ✓
  2. Trust Anchor
  3. Registration Authority (RA)
  4. Certificate Revocation List (CRL)

Correct answer: Certificate Authority (CA)

Option A is correct because the Certificate Authority (CA) is the trusted entity in a PKI that signs, issues, and revokes digital certificates, binding public keys to identities. Option B is incorrect because a Trust Anchor is the root CA or public key that a relying party inherently trusts as a starting point for chain validation, not the component that performs issuance or revocation. Option C is incorrect because the Registration Authority (RA) handles identity vetting and enrollment requests on behalf of the CA but does not itself sign or revoke certificates. Option D is incorrect because the Certificate Revocation List (CRL) is an artifact published by the CA listing revoked certificate serial numbers, not a component that performs the revocation action itself.

Topic: Security Operations · pki, certificate authority, digital certificates, certificate revocation

Practice CompTIA Security+ (SY0-701) Questions Free