CompTIA CySA+ (CS0-002) — Question 411
A company's domain has been spoofed in numerous phishing campaigns. An analyst needs to determine why the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following:
v=DMARC1; p=none; fo=0; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=r; rf=afrf; ri=86400;
Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?
Answer options
- A. The DMARC record's DKIM alignment tag is incorrectly configured.
- B. The DMARC record's policy tag is incorrectly configured.
- C. The DMARC record does not have an SPF alignment tag.
- D. The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.
Correct answer: B
Explanation
The correct answer is B. The policy tag 'p=none' tells mailbox providers to take no action against emails that fail DMARC checks, so the domain remains vulnerable to spoofing. The other options do not address the primary issue, which is that the DMARC policy is not strict enough to prevent spoofing.