CAS-003 · Question #853
CAS-003 Question #853: Real Exam Question with Answer & Explanation
The correct answer is C: The sending mail client is selecting the wrong public key to encrypt messages.. After deploying new network authentication certificates alongside existing S/MIME email certificates, the sending mail client is likely encrypting messages with the authentication certificate's public key rather than the recipient's S/MIME encryption key.
Question
Options
- AThe attestation service is not configured to accept the new certificates.
- BThe device certificates have the S/MIME attribute selected.
- CThe sending mail client is selecting the wrong public key to encrypt messages.
- DMultiple device certificates are associated with the same network port.
Explanation
After deploying new network authentication certificates alongside existing S/MIME email certificates, the sending mail client is likely encrypting messages with the authentication certificate's public key rather than the recipient's S/MIME encryption key.
Common mistakes.
- A. An attestation service misconfiguration affects device trust and certificate validation workflows, not the ability of a mail client to decrypt already-received S/MIME messages.
- B. If device certificates carried the S/MIME attribute, they might appear as candidates for email operations, but this describes a certificate property rather than the client-side key selection error that directly causes decryption failure.
- D. Associating multiple device certificates with the same network port is a network authentication configuration issue and has no relationship to S/MIME email encryption or decryption.
Concept tested. S/MIME certificate key selection causing email decryption failure
Reference. https://learn.microsoft.com/en-us/exchange/policy-and-compliance/smime/smime
Community Discussion
No community discussion yet for this question.