An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance.
Which of the following should the security analyst recommend is lieu of an OCSP?
A. CSR
B. CRL
C. CA
D. OID
How To Pass SY0-601 Exam?CompTIA SY0-601 PDF dumps.High quality SY0-601 pdf and software. VALID exam to help you pass. |
 |
Correct answer is B. CRL (Certificate Revocation List). OSCP provides a real-time respond, which is an excellent example of supporting a common use case of low latency. If a CA revokes a certificate, clients using OCSP will know immediately. In contrast, clients are using a cached CRL, they will be unaware of the revoked certificate until another copy of the CRL is download. Thus authorities realized OSCP was generating a lot of real-time traffic to the CA because it requires a CA to respond to every request. OSCP “stapling” solved this problem.
POORLY WORDED QUESTION DUE TO ACRONYM OVER USE – answer could be CSR or CRL.
OCSP stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the revocation status of X.509 digital certificates. OCSP stapling allows the use of OCSP while reducing traffic. So does CSR represent “Certificate Status Request ” or does it represent “Certificate signing request” used in PKI.
Since CSR is now known as OCSP stapling, I will guess CRL and hope they intend CSR to mean “Certificate signing request”
Good point, but as you say B is the answer, as CSR probably mean “Certificate signing request”. Which to be fair to them is the most common definition of CSR – if you google “CSR security”.
CRLs are unreliable compared to OCSP so I will not assume they are willing to downgrade. Certificate Status Request introduces stapling to OCSP greatly reducing OCSP traffic. My guess is CSR.
It says they dont want to use the ocsp, CRL is the only answer that fits that