September 2021

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Which one of the following mechanisms offer the most immediate way to invalidate a compromised digital certificate? A. Online Certificate Status Protocol (OCSP) B. Certificate Revocation List (CRL) C. Changing the private key D. Changing the public key Correct Answer: A Looking at this question, we can immediately eliminate two of the answers. Changing the keys associated with a certificate would not invalidate the certificate, as an imposter would still be able to use the certificate with the old keys, so we know that the two answers suggesting changing keys are not correct. The two possible methods for invalidating a digital certificate are adding it to a certificate revocation list (CRL) or using the online certificate status protocol (OCSP). Of these two methods, the OCSP is immediate, while using a CRL has a time delay, making OCSP our correct answer here Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...