Basic Concept: OCSP and CRL both check certificate revocation, but OCSP performs on-demand status checks instead of downloading full revocation lists.
Why B is Correct: OCSP is more scalable for large deployments because it returns real-time status for a certificate with lower memory and download overhead.
Why A is Wrong: "OCSP allows the firewall to act as its own certificate authority (CA), and it simplifies certificate management." This option is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.
Why C is Wrong: "OCSP is an older, more widely supported protocol than CRLs, ensuring compatibility with all client devices." This option is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.
Why D is Wrong: "OCSP bundles all certificate statuses into a single, digitally signed file for faster downloads by the firewall." This option is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.