A user was reissued a smart card after the previous smart card had expired. The user is able to log into
the domain but is now unable to send digitally signed or encrypted email. Which of the following would
the user need to perform?

A.
Remove all previous smart card certificates from the local certificate store.

B.
Publish the new certificates to the global address list.

C.
Make the certificates available to the operating system.

D.
Recover the previous smart card certificates.

Explanation:
CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many
operating system providers allow their systems to be configured as CA systems. These CA systems can be
used to generate internal certificates that are used within a business or in large external settings. The
process provides certificates to the users. Since the user in question has been re-issued a smart card, the
user must receive a new certificate by the CA to allow the user to send digitally signed email. This is
achieved by publishing the new certificates to the global address list.
Incorrect Answers:
A: Removing all previous smart card certificates from the local certificate store will affect all the other
users as well and then no one will be able to log in and send digitally signed email.
C: Making certificates available to the operating system will not allow the user to send digitally signed
email. The other users all have access to this service because of the CA having published their certificates
on the global address list, which means that the re-issued smart card’s certificate should also be
published on the global address list.
D: The previous smart card certificates are no longer valid.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 279-280