CompTIA CySA+ (CS0-003) — Question 56
The email system administrator for an organization configured DKIM signing for all email legitimately sent by the organization. Which of the following would most likely indicate an email is malicious if the company's domain name is used as both the sender and the recipient?
Answer options
- A. The message fails a DMARC check
- B. The sending IP address is the hosting provider
- C. The signature does not meet corporate standards
- D. The sender and reply address are different
Correct answer: A
Explanation
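A DMARC failure means the message passed neither SPF nor DKIM in alignment with the domain in its From header, so it does not conform to the domain's authentication policies, which suggests spoofing or malicious intent. Because all legitimate mail from the organization is DKIM-signed, a message that claims the company's domain yet fails DMARC most likely did not come from the organization's mail system. While the other options may raise concern, they do not indicate malicious behavior as directly as a DMARC failure does.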