CompTIA CySA+ (CS0-003) — Question 389
A security analyst is working on a suspicious email forwarded from a user. The email contains an attachment asking the user to open it. Which of the following should the security analyst review to best determine email authentication and its attack origin?
Answer options
- A. DMARC
- B. SMTP
- C. Joe Sandbox
- D. URL rewriting
Correct answer: A
Explanation
The correct answer is A, DMARC, because it helps verify the authenticity of the email and protects against spoofing. SMTP is a protocol for sending email and does not directly provide authentication details. Joe Sandbox is a malware analysis tool, and URL rewriting involves modifying URLs; neither is focused on email authentication.