CompTIA Security+ Question D-94

Which of the following should a security technician implement to identify untrusted certificates?

A. CA
B. PKI
C. CRL
D. Recovery agent

Answer: C

Explanation:
Untrusted certificates and keys are revoked and put into the CRL. Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included.