CCNP Security Question of the Week

Which of the following uses a polling method for revocation checking in a PKI environment?

  1. AAA
  2. CRL
  3. OCSP
  4. Not available


The correct answer is 2.

A Certificate Authority (CA) will publish its Certificate Revocation List (CRL) to identify the serial numbers of certificates that are no longer valid. The Fully Qualified Domain Name (FQDN) with the location of the CRL is placed into the CA root certificate. A host that chooses to trust the CA can use that information to periodically poll the CRL to determine which certificates have been revoked and should no longer be used.
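The polling behaviour described above, as an added example that is not part of the original page: a relying party caches the CRL and fetches a new one only when the cached copy expires, so a certificate revoked in between is still accepted until the next poll. The `CRL`, `SimulatedCA` and `CRLPollingClient` names, the 24-hour publication interval and the serial number are assumptions constructed for illustration, and the CRL is a simplified model rather than a parsed X.509 structure.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CRL:
    """Simplified stand-in for an X.509 CRL (constructed model, not a DER parser)."""
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

class SimulatedCA:
    """Hypothetical CA that republishes its CRL on a fixed interval."""
    def __init__(self, start, interval):
        self.start, self.interval, self.revocations = start, interval, {}

    def revoke(self, serial, when):
        self.revocations[serial] = when  # serial -> time the CA revoked it

    def current_crl(self, now):
        # The CRL visible at `now` was issued at the last publication boundary.
        issued = self.start + ((now - self.start) // self.interval) * self.interval
        listed = frozenset(s for s, t in self.revocations.items() if t <= issued)
        return CRL(issued, issued + self.interval, listed)

class CRLPollingClient:
    """Relying party that caches the CRL and polls again only when it expires."""
    def __init__(self, fetch):
        self._fetch = fetch  # callable(now) -> CRL, stands in for the download
        self._cached, self.polls = None, 0

    def is_revoked(self, serial, now):
        if self._cached is None or now >= self._cached.next_update:
            crl = self._fetch(now)
            self.polls += 1
            if now >= crl.next_update:
                raise ValueError("fetched CRL is already expired; failing closed")
            self._cached = crl
        return serial in self._cached.revoked_serials

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timeline
    ca = SimulatedCA(t0, timedelta(hours=24))
    client = CRLPollingClient(ca.current_crl)
    serial = 0x1A2B  # constructed serial number
    before = client.is_revoked(serial, t0 + timedelta(hours=1))   # first poll
    ca.revoke(serial, t0 + timedelta(hours=2))
    cached = client.is_revoked(serial, t0 + timedelta(hours=12))  # cached CRL reused
    after = client.is_revoked(serial, t0 + timedelta(hours=25))   # cache expired, re-poll
    return [before, cached, after], client.polls
```

The second lookup is answered from the cached CRL, which is the revocation latency a polling design accepts in exchange for fewer fetches.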

Related Courses:
ASAE – ASA Essentials
FIREWALL – Deploying Cisco ASA Firewall Solutions
VPN – Deploying Cisco ASA VPN Solutions
CCNP Security – Cisco Certified Network Professional Security

