CompTIA Security+ SY0-701 Practice Question

Implementing the Online Certificate Status Protocol (OCSP) allows clients to check the validity of certificates in real-time by querying the certificate authority's OCSP responder. This provides immediate feedback on whether a certificate is valid or has been revoked. A Certificate Revocation List (CRL) is a list of revoked certificates that clients can download, but it is updated periodically and may not reflect the most recent revocations, leading to potential delays in detection. Self-signed certificates are not issued by a trusted certificate authority and do not facilitate real-time validation by clients. A Certificate Signing Request (CSR) is a request sent to a certificate authority to obtain a new certificate and is unrelated to checking the validity of existing certificates.