CompTIA CASP+ (CAS-003) — Question 142
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.
Which of the following controls would BEST mitigate the identified vulnerability?
Answer options
- A. Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-256.
- B. Federate with an existing PKI provider, and reject all non-signed emails.
- C. Implement two-factor email authentication, and require users to hash all email messages upon receipt.
- D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes.
Correct answer: A
Explanation
Option A is correct because issuing digital certificates to every user, including the owners of group mailboxes, and requiring S/MIME with AES-256 encrypts message content end to end, which is exactly the confidentiality mechanism the audit found missing. Option B improves sender authentication and integrity through signatures, but a signed message is still readable by anyone who intercepts it, so it does not address confidentiality. Option C strengthens authentication to the mailbox, and hashing on receipt only supports integrity checks; neither protects the content of a message in transit or at rest. Option D removes shared mailboxes rather than protecting correspondence, and issuing certificates to systems alone gives users no way to encrypt mail to one another.