CompTIA Security+ (SY0-501) — Question 429
The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the `From` section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?
Answer options
- A. Domain hijacking
- B. SPF not enabled
- C. MX records rerouted
- D. Malicious insider
Correct answer: B
Explanation
The incident occurred because SPF (Sender Policy Framework) was not enabled, which made it possible to spoof the CFO's email address. Without SPF, the authenticity of the email could not be verified, so the CEO trusted the message and sent sensitive information. The other options do not directly relate to the scenario, which involves email verification and trust.