When a private key for a website is stolen, the certificate associated with that key is considered compromised. The next important step is to update the Certificate Revocation List (CRL) to include the old certificate so that clients and browsers know that it should no longer be trusted.
A. SCEP (Simple Certificate Enrollment Protocol): for enrolling only
C. OCSP (Online Certificate Status Protocol): check status online
D. CSR (Certificate Signing Request): Request new certificate.
The correct answer is:
B. CRL
Explanation:
When a private key is stolen, the associated certificate must be revoked to ensure it is no longer trusted. Updating the Certificate Revocation List (CRL) is necessary to inform systems that the certificate is invalid and should not be trusted.
Other Options:
A. SCEP (Simple Certificate Enrollment Protocol): Used for certificate enrollment but is not related to revoking or updating certificates.
C. OCSP (Online Certificate Status Protocol): This protocol is used to check the revocation status of a certificate in real time, but the CRL must be updated first for OCSP to reflect the change.
D. CSR (Certificate Signing Request): This is used to request a new certificate but does not handle revocation or updates related to the stolen private key.
A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked. When a private key is compromised, the corresponding certificate should be revoked to prevent its further use. By updating the CRL, the system can validate the authenticity of certificates and prevent unauthorized access.
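The revocation flow described in the comments above, as an added example that is not part of the original discussion: a CA publishes a signed CRL listing the compromised certificate's serial number, and a client checks certificates against it. It uses the Python `cryptography` package; the CA name, host name, keys and function names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW, DAY = datetime.datetime.now(datetime.timezone.utc), datetime.timedelta(days=1)
CA_CN, SITE_CN = "Example Test CA", "www.example.test"  # constructed names

def issue(subject_cn, subject_key, issuer_cn, issuer_key):
    """Issue a short-lived test certificate (no extensions; demo only)."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(issuer_key, hashes.SHA256()))

def publish_crl(ca_cert, ca_key, compromised_serials):
    """CA side: sign a CRL listing each serial with reason keyCompromise."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + DAY))
    for serial in compromised_serials:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial).revocation_date(NOW)
                 .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), False)
                 .build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(private_key=ca_key, algorithm=hashes.SHA256())

def revocation_status(cert, crl, ca_cert):
    """Client side: accept the CRL only if the CA signed it, then look up the serial."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        return "crl-untrusted"
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    if entry is None:
        return "good"
    reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
    return "revoked:" + reason.value

# Constructed scenario: the site's old key is stolen and a replacement is issued.
ca_key = ec.generate_private_key(ec.SECP256R1())
ca_cert = issue(CA_CN, ca_key, CA_CN, ca_key)
old_cert = issue(SITE_CN, ec.generate_private_key(ec.SECP256R1()), CA_CN, ca_key)
new_cert = issue(SITE_CN, ec.generate_private_key(ec.SECP256R1()), CA_CN, ca_key)
crl = publish_crl(ca_cert, ca_key, [old_cert.serial_number])
```

The old certificate is still inside its validity period, so only the CRL entry tells a client to reject it; the reissued certificate has a different serial number and passes the same check.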
D. CSR (Certificate Signing Request).
Explanation:
When a private key is compromised, the entire certificate needs to be reissued. This involves the following steps:
Generate a new CSR: A new Certificate Signing Request (CSR) is generated, which includes the public key associated with the new private key.
Submit the CSR to the CA: The new CSR is submitted to the Certificate Authority (CA) for verification and signing.
Issue a new certificate: The CA issues a new digital certificate that is bound to the new public key.
Once the new certificate is issued, it needs to be installed on the web server. The other options (SCEP, CRL, and OCSP) are related to certificate management and revocation, but they are not directly affected by the compromise of the private key and the issuance of a new certificate.
OCSP does not mean Offensive Security Certified Professional; it means Online Certificate Status Protocol.