CompTIA CySA+ (CS0-002) — Question 373

A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

Answer options

• A. A TXT record on the name server for SPF
• B. DNSSEC keys to secure replication
• C. Domain Keys Identified Mail
• D. A sandbox to check incoming mail

Correct answer: C

Explanation

The best option is C, Domain Keys Identified Mail, as it helps verify the authenticity of the sender's domain, making it harder for impersonation. Option A, a TXT record for SPF, is useful but does not provide the same level of assurance as DKIM. Option B, DNSSEC keys, is focused on securing DNS data but does not directly address email security. Option D, a sandbox for incoming mail, is a reactive measure and does not prevent impersonation.