CAS-003 · Question #920
CAS-003 Question #920: Real Exam Question with Answer & Explanation
The correct answer is A: The attestation service is not configured to accept the new certificates.. When the company deployed new device and user certificates for network authentication, the attestation service-responsible for validating certificate authenticity and trust-was not updated to recognize or trust the newly issued certificates. S/MIME encrypted email relies on the s
Question
Options
- AThe attestation service is not configured to accept the new certificates.
- BThe device certificates have the S/MIME attribute selected
- CThe sending mail client is selecting the wrong public key to encrypt messages
- DMultiple device certificates are associated with the same network port
Explanation
When the company deployed new device and user certificates for network authentication, the attestation service-responsible for validating certificate authenticity and trust-was not updated to recognize or trust the newly issued certificates. S/MIME encrypted email relies on the same PKI infrastructure to validate recipient certificates when decrypting messages. Because the attestation service was not configured to accept the new certificates, the validation of those certificates fails during email decryption, causing users to be unable to read encrypted messages. The other options are less likely: Option B would affect email signing/encryption behavior but device certs shouldn't have S/MIME attributes selected if they're for network auth; Option C is plausible but implies a client-side misconfiguration rather than a systemic infrastructure problem; Option D relates to port binding which is unrelated to certificate validation.
Community Discussion
No community discussion yet for this question.