ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 874 discussion

Actual exam question from CompTIA's SY0-501
Question #: 874
Topic #: 1
[All SY0-501 Questions]

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

  • A. RA
  • B. OCSP
  • C. CRI
  • D. CSR
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CoRell at Aug. 13, 2020, 4:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CoRell
Highly Voted 4 years, 11 months ago
When the question talks about revocation of certificates it's usually either OCSP or CRL.
upvoted 15 times
...
buklog
Highly Voted 4 years, 11 months ago
It says offline,meaning CRL
upvoted 10 times
Max_DeJaV
4 years, 11 months ago
offline is not mentioned in the question
upvoted 1 times
Max_DeJaV
4 years, 11 months ago
My fault, I didn't see "offline"
upvoted 2 times
who__cares123456789___
4 years, 7 months ago
I still dont see it!!! Looked 3 times cause I fear I am now insane!!
upvoted 3 times
who__cares123456789___
4 years, 7 months ago
SAW IT!!! Guess I need to try and find a CRI now! Maybe that's something real I missed!
upvoted 1 times
...
...
...
...
...
MrNYC
Most Recent 4 years, 1 month ago
Same question, Question No: 166, They have answer CRL. I do not know if they did it intentionally or just by mistake !!!!!
upvoted 2 times
MrNYC
4 years, 1 month ago
Question No: 166 in SYO-601, but again in this question it says CRI not CRL so i guess we have only OCSP option here.
upvoted 1 times
...
...
jfkqobum
4 years, 2 months ago
In small networks where there are is no Internet connection or connection to an OCSP responder, CRL is better option than OCSP.
upvoted 1 times
...
whitehathehe
4 years, 2 months ago
CRL because the question mentions "offline"
upvoted 1 times
...
yeaggie
4 years, 3 months ago
Answer is C: CRL due to OSCP needing the Internet to validate. Facility is offline
upvoted 2 times
...
KINGKONG1010
4 years, 3 months ago
This is C : CRL Look at the typo . User writes it with lower L = l If you look at other answers and if they meant to be i = i CRl CRi. So they meant to write CRL
upvoted 1 times
...
Aarongreene
4 years, 3 months ago
OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources. The other, older method, which OCSP has superseded in some scenarios, is known as Certificate Revocation List (CRL).
upvoted 1 times
...
Aarongreene
4 years, 3 months ago
In cryptography, a certificate revocation list (or CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Might be C if it is spelled crL
upvoted 1 times
...
AlexChen011
4 years, 5 months ago
This must be typo - CRL Keyword: offline government facility - how can OCSP used for offiline facility
upvoted 3 times
...
exiledwl
4 years, 7 months ago
I know C says CRI but this is most likely a typo from whoever typed up this question here. If on the real exam the answer CRL is among choices you should know that CRL is faster than OCSP. Source: https://docs.microfocus.com/NNMi/10.30/Content/Administer/NNMi_Deployment/Advanced_Configurations/Cert_Validation_CRL_and_OCSP.htm
upvoted 2 times
...
DookyBoots
4 years, 10 months ago
I think we must assume this offline facility is using an internal PKI? If that is the case, then yeah, OCSP is the answer. A more obvious choice would be OCSP stapling. A CRL for an internal structure wouldn't be very big though.
upvoted 1 times
...
Hanzero
4 years, 10 months ago
I think the answer is B because C says CRI not CRL. Either it's a type or another reading comprehension question lol
upvoted 3 times
Hanzero
4 years, 10 months ago
i meant typo*
upvoted 1 times
...
...
babati
4 years, 11 months ago
https://www.youtube.com/watch?v=WXNKQ_otO_g
upvoted 1 times
babati
4 years, 11 months ago
https://docs.microfocus.com/NNMi/10.30/Content/Administer/NNMi_Deployment/Advanced_Configurations/Cert_Validation_CRL_and_OCSP.htm
upvoted 1 times
bobthebuilder55110
4 years, 6 months ago
As per this it should be CRL if it was spelled correctly in the exam, since it says download once for a day type of service and also it is network resilient and in the question it is mentioned that the facility is offline gov, can someone explain if OSCP is possible without network? if not then how can it be the answer as the site is offline ??
upvoted 1 times
...
...
...
ramirocastillo1986
4 years, 11 months ago
Option C spells cri not CRL. Copy and past option C to Sec+ objectives and you will see.
upvoted 2 times
Heymannicerouter
4 years, 3 months ago
Could be a typo
upvoted 1 times
...
...
steelerdave70
4 years, 11 months ago
why wouldnt it be C (CRL)?
upvoted 2 times
Max_DeJaV
4 years, 11 months ago
The question asks: "the fastest check with the least delay". OCSP can check in realtime if the certificate is valid. CRL must be scheduled and downloaded locally, depending on the script, could also be updated every 24 hours.
upvoted 7 times
...
R7909
4 years, 11 months ago
Cause C is CRI, not CRL
upvoted 10 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel