CompTIA CySA+ (CS0-002) — Question 95

A security analyst is reviewing existing email protection mechanisms to generate a report. The analysis finds the following DNS records:

Record 1 -
v=spf1 ip4:192:168.0.0/16 include:_spf.marketing.com include: thirdpartyprovider.com ~all

Record 2 -
“v=DKIM1\ k=rsa\; p=MIGfMA0GCSqh7d8hyh78Gdg87gd98hag86ga98dhay8gd7ashdca7yg79auhudig7df9ah8g76ag98dhay87ga9”

Record 3 -
_dmarc.comptia.com TXT v=DMARC1\; p=reject\; pct=100; rua=mailto:[email protected]

Which of the following options provides accurate information to be included in the report?

Answer options

• A. Record 3 serves as a reference of the security features configured at Record 1 and 2.
• B. Record 1 is used as a blocklist mechanism to filter unauthorized senders.
• C. Record 2 is used as a key to encrypt all outbound messages sent.
• D. The three records contain private information that should not be disclosed.

Correct answer: A

Explanation

The correct answer is A because Record 3 (DMARC) provides policy information that relates to the configurations in Records 1 (SPF) and 2 (DKIM). Option B is incorrect as Record 1 is for sender verification, not blocking. Option C is wrong because Record 2 is for signing messages, not encrypting them. Option D is not accurate since the records are meant for public DNS use.