Which protocol should a system administrator use to send an email with an encrypted attachment?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the appropriate protocol for sending emails with encrypted attachments. It provides a method for sending secure email messages by using digital signatures and encryption. When utilizing S/MIME, the sender can encrypt the entire email, including any attachments, ensuring that only the intended recipient, who possesses the corresponding private key, can decrypt and view the content.

S/MIME leverages certificates to authenticate the sender and encrypt the message content, thereby preserving both confidentiality and integrity. This makes it particularly suitable for handling sensitive information and attachments securely over email, which is a common scenario in many organizations.

In contrast, the other options do not serve the purpose of sending encrypted emails directly. SSH is primarily used for secure shell access and does not directly pertain to sending emails. An API is a set of tools that allows different software components to communicate, but it does not handle email formatting or encryption explicitly. ECDH is a key exchange protocol that facilitates secure communication but does not encompass the entire process of sending encrypted email with attachments. Thus, S/MIME stands out as the dedicated protocol for this specific need.