Which server would be queried to validate user credentials in a certificate-based authentication system?

In a certificate-based authentication system, a Certificate Authority (CA) is responsible for validating user credentials. The CA issues digital certificates that serve to authenticate the identity of users, devices, or platforms within a network. When a user attempts to authenticate, the server querying the CA validates the provided digital certificate against its database to ensure that it is legitimate and has not been revoked. This validation process confirms that the user or device holds a valid certificate and is thus allowed access to resources.

The other choices, while they play important roles in network management, do not serve the function of validating user credentials in this context. A DHCP server is responsible for dynamically assigning IP addresses to devices on a network. A DNS server translates domain names into IP addresses, facilitating communication across the Internet and networks. An ACL (Access Control List) on a web server is used to control access to specific resources based on defined permissions but does not handle the verification of digital certificates. Hence, the Certificate Authority is the correct choice for validating user credentials in a certificate-based authentication system.