Cisco Certified Internetwork Expert (CCIE) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Get ready for the CCIE exam with our powerful quiz. Study with interactive questions and detailed explanations to excel in your certification journey. Boost your confidence and expertise in networking!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following statements is true about the OSCP servers in PKI?

The match certificate command is ignored unless the router clock is set
OSCP enables a PKI to use a CRL without any limitations in time
Different OSCP servers can be configured for different groups of client certificates
OSCP is not suitable for enterprise PKIs where CRLs expire frequently

The correct answer is: Different OSCP servers can be configured for different groups of client certificates

The statement about different OSCP servers being configured for different groups of client certificates is accurate because it highlights the flexibility of OCSP (Online Certificate Status Protocol) in managing certificate statuses within a Public Key Infrastructure (PKI). OCSP allows organizations to designate specific OCSP servers to handle requests for particular sets of certificates, which can enhance performance and reduce load on a single server. This capability is particularly beneficial in large and complex enterprise environments, where different applications may have distinct certificate requirements. Setting up different OCSP servers tailored to specific client groups allows for better management and monitoring of certificate status, ensuring that clients receive timely and accurate information regarding the validity of their certificates. This segmentation can also improve overall security, as each server can be tailored to the needs and security policies of its respective user group.