Question 32

Show Answer

The correct answer is C.

OBJ-3.5: Certificate stapling allows a webserver to perform certificate status checking instead of having the browser perform the checking. The web server checks the status of a certificate and provides the browser with the digitally signed response from the OCSP responder. Certificate stapling is much faster than using individual queries to the CA using OCSP. The online certificate status protocol (OSCP) allows clients to request the status of a digital certificate and to check whether it is revoked. A certificate revocation list (CRL) is a list of every digital certificate that has been revoked before its expiration date. Certificate pinning is a deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize on-path (formerly man-in-the-middle) attacks.

Hide Answer