CISSP · Question #442
Which of the following actions MUST be performed when using secure multipurpose internet mail Extension (S/MIME) before sending an encrypted message to a recipient?
The correct answer is C. Obtain the recipient's digital certificate.. S/MIME encryption requires the sender to possess the recipient's digital certificate, which contains their public key used to encrypt the message so only the recipient can decrypt it with their private key.
Question
Options
- ADigitally sign foe message.
- BObtain the recipients private key.
- CObtain the recipient's digital certificate.
- DEncrypt attachments.
How the community answered
(57 responses)- A7% (4)
- B5% (3)
- C86% (49)
- D2% (1)
Why each option
S/MIME encryption requires the sender to possess the recipient's digital certificate, which contains their public key used to encrypt the message so only the recipient can decrypt it with their private key.
Digitally signing a message is a separate S/MIME operation that authenticates the sender using the sender's own private key, and it is not a prerequisite for encrypting a message to a recipient.
Obtaining the recipient's private key would compromise their security entirely; private keys must remain secret and are never shared - only the recipient's public key (via their certificate) is needed by the sender.
In S/MIME, messages are encrypted using the recipient's public key, which is embedded in their digital certificate. The sender must obtain this certificate beforehand so the encryption algorithm can lock the message in a way that only the recipient's corresponding private key can unlock. Without the recipient's certificate, the sender has no way to perform asymmetric encryption destined for that specific recipient.
Encrypting attachments separately is not a required step in S/MIME; when a message is encrypted with S/MIME, the entire message including any attachments is encrypted as part of the same operation.
Concept tested: S/MIME encryption using recipient public key certificate
Source: https://learn.microsoft.com/en-us/exchange/security-and-compliance/smime-exo/smime-exo
Topics
Community Discussion
No community discussion yet for this question.