CompTIA Security+ (SY0-501) — Question 177
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:
c:\nslookup -querytype=MX comptia.org
Server: Unknown
Address: 198.51.100.45
comptia.org MX preference=10, mail exchanger = 92.68.102.33
comptia.org MX preference=20, mail exchanger = exchg1.comptia.org
exchg1.comptia.org internet address = 192.168.102.67
Which of the following should the penetration tester conclude about the command output?
Answer options
- A. The public/private views on the Comptia.org DNS servers are misconfigured.
- B. Comptia.org is running an older mail server, which may be vulnerable to exploits.
- C. The DNS SPF records have not been updated for Comptia.org.
- D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack.
Correct answer: D
Explanation
The correct answer is D because the IP address 192.168.102.67 is a private IP address, which suggests it is a backup mail server that may not be properly secured for public access. Option A is incorrect as there is no evidence of misconfigured public/private views. Option B is not valid since the command output does not indicate the age of the mail server. Option C is unrelated to the MX record output provided.