CompTIA CySA+ (CS0-002) — Question 160
A security analyst is reviewing a suspected phishing campaign that has targeted an organization. The organization has enabled a few email security technologies in the last year; however, the analyst believes the security features are not working. The analyst runs the following command:
> dig domain._domainkey.comptia.org TXT
Which of the following email protection technologies is the analyst MOST likely validating?
Answer options
- A. SPF
- B. DNSSEC
- C. DMARC
- D. DKIM
Correct answer: D
Explanation
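The command retrieves the DKIM (DomainKeys Identified Mail) TXT record for the specified domain. The `_domainkey` label in the query name is the giveaway: DKIM public keys are published in DNS at `<selector>._domainkey.<domain>`, and receiving mail servers use that key to verify the signature on a message, which validates the integrity of the email. SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) are different email authentication methods and are not checked with this query: an SPF policy is a TXT record on the domain itself, and a DMARC policy is a TXT record at `_dmarc.<domain>`. DNSSEC (Domain Name System Security Extensions) authenticates DNS responses and is not itself an email authentication mechanism.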