CISA Certified Information Systems Auditor – Question1569 - CISA Certified Information Systems Auditor

Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

A. Certificate revocation list (CRL)
B. Certification practice statement (CPS)
C. Certificate policy (CP)
D. PKI disclosure statement (PDS)

Correct Answer: B

Explanation:

Explanation:
The CPS is the how-to part in policy-based PKI. The CRL is a list of certificates that have been revoked before their scheduled expiration date. The CP sets the requirements that are subsequently implemented by the CPS. The PDS covers critical items such as the warranties, limitations and obligations that legally bind each party.