During a security assessment you are asked to recommend an email protection mechanism that will provide end-to-end confidentiality and authentication for messages exchanged between company employees and external customers. The solution must leverage X.509 certificates issued by the corporate PKI so that key management remains centralized and transparent to users. Which technology meets these requirements?
OpenPGP encryption based on user-generated public/private key pairs
S/MIME with certificates issued by the organization's certificate authority
DomainKeys Identified Mail signing for all outgoing messages
Opportunistic STARTTLS negotiated between sending and receiving mail servers
S/MIME supports both encryption and digital signatures by using X.509 certificates that can be issued and revoked through an enterprise public key infrastructure. Because certificates are centrally managed, users do not need to create or distribute their own keys. STARTTLS only secures SMTP while messages are in transit and offers no end-to-end protection. DKIM signs selected header fields to verify domain authenticity but does not encrypt message content. OpenPGP can provide end-to-end security, yet it relies on user-generated key pairs and a web-of-trust or public key servers rather than a centrally managed X.509 PKI, making it inconsistent with the stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is S/MIME, and how does it work with X.509 certificates?
Open an interactive chat with Bash
What is a Public Key Infrastructure (PKI), and how does it support S/MIME?
Open an interactive chat with Bash
Why doesn't STARTTLS provide end-to-end security for emails?
Open an interactive chat with Bash
What is S/MIME and how does it use X.509 certificates for email encryption?
Open an interactive chat with Bash
Why is STARTTLS not suitable for end-to-end email protection?
Open an interactive chat with Bash
What are the limitations of OpenPGP compared to S/MIME for corporate email security?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .