CompTIA Security Plus Mock Test Q448

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many operating system providers allow their systems to be configured as CA systems. These CA systems can be used to generate internal certificates that are used within a business or in large external settings. The process provides certificates to the users. Since the user in question has been re-issued a smart card, the user must receive a new certificate by the CA to allow the user to send digitally signed email. This is achieved by publishing the new certificates to the global address list.

Incorrect Answers:
A: Removing all previous smart card certificates from the local certificate store will affect all the other users as well and then no one will be able to log in and send digitally signed email.
C: Making certificates available to the operating system will not allow the user to send digitally signed email. The other users all have access to this service because of the CA having published their certificates on the global address list, which means that the re-issued smart card’s certificate should also be published on the global address list.
D: The previous smart card certificates are no longer valid.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-280