CCIE Practice Test 2025 – Complete Exam Prep Resource

Question: 1 / 400

Which of the following statements is true about the OSCP servers in PKI?

The match certificate command is ignored unless the router clock is set

OSCP enables a PKI to use a CRL without any limitations in time

Different OSCP servers can be configured for different groups of client certificates

The statement about different OSCP servers being configured for different groups of client certificates is accurate because it highlights the flexibility of OCSP (Online Certificate Status Protocol) in managing certificate statuses within a Public Key Infrastructure (PKI). OCSP allows organizations to designate specific OCSP servers to handle requests for particular sets of certificates, which can enhance performance and reduce load on a single server. This capability is particularly beneficial in large and complex enterprise environments, where different applications may have distinct certificate requirements.

Setting up different OCSP servers tailored to specific client groups allows for better management and monitoring of certificate status, ensuring that clients receive timely and accurate information regarding the validity of their certificates. This segmentation can also improve overall security, as each server can be tailored to the needs and security policies of its respective user group.

Get further explanation with Examzify DeepDiveBeta

OSCP is not suitable for enterprise PKIs where CRLs expire frequently

Next Question

Report this question

Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy