CompTIA Security+ Question A-94

A CRL is comprised of.

A. Malicious IP addresses.
B. Trusted CA’s.
C. Untrusted private keys.
D. Public keys.

Answer: D

A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. By checking the CRL you can check if a particular certificate has been revoked. The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.