CompTIA CySA+ (CS0-002) — Question 150

A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

Answer options

• A. An AAAA record on the name server for SPF
• B. DNSSEC keys to secure replication
• C. Domain Keys Identified Mail
• D. A sandbox to check incoming mail

Correct answer: C

Explanation

The correct answer is C, Domain Keys Identified Mail, which helps verify the authenticity of the sender's domain, thereby reducing the risk of email impersonation. Option A is incorrect as an AAAA record relates to IPv6 addresses and does not address email security. Option B, DNSSEC keys, enhances DNS security but does not specifically target email impersonation. Option D, a sandbox for checking incoming mail, is more about analyzing potential threats rather than preventing impersonation.