nerdexam
(ISC)2

CISSP · Question #442

Which of the following actions MUST be performed when using secure multipurpose internet mail Extension (S/MIME) before sending an encrypted message to a recipient?

The correct answer is C. Obtain the recipient's digital certificate.. S/MIME encryption requires the sender to possess the recipient's digital certificate, which contains their public key used to encrypt the message so only the recipient can decrypt it with their private key.

Submitted by kevin_r· Mar 5, 2026Communication and Network Security

Question

Which of the following actions MUST be performed when using secure multipurpose internet mail Extension (S/MIME) before sending an encrypted message to a recipient?

Options

  • ADigitally sign foe message.
  • BObtain the recipients private key.
  • CObtain the recipient's digital certificate.
  • DEncrypt attachments.

How the community answered

(57 responses)
  • A
    7% (4)
  • B
    5% (3)
  • C
    86% (49)
  • D
    2% (1)

Why each option

S/MIME encryption requires the sender to possess the recipient's digital certificate, which contains their public key used to encrypt the message so only the recipient can decrypt it with their private key.

ADigitally sign foe message.

Digitally signing a message is a separate S/MIME operation that authenticates the sender using the sender's own private key, and it is not a prerequisite for encrypting a message to a recipient.

BObtain the recipients private key.

Obtaining the recipient's private key would compromise their security entirely; private keys must remain secret and are never shared - only the recipient's public key (via their certificate) is needed by the sender.

CObtain the recipient's digital certificate.Correct

In S/MIME, messages are encrypted using the recipient's public key, which is embedded in their digital certificate. The sender must obtain this certificate beforehand so the encryption algorithm can lock the message in a way that only the recipient's corresponding private key can unlock. Without the recipient's certificate, the sender has no way to perform asymmetric encryption destined for that specific recipient.

DEncrypt attachments.

Encrypting attachments separately is not a required step in S/MIME; when a message is encrypted with S/MIME, the entire message including any attachments is encrypted as part of the same operation.

Concept tested: S/MIME encryption using recipient public key certificate

Source: https://learn.microsoft.com/en-us/exchange/security-and-compliance/smime-exo/smime-exo

Topics

#S/MIME#email encryption#digital certificates#public key infrastructure

Community Discussion

No community discussion yet for this question.

Full CISSP Practice