312-50V10 · Question #791
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an empl
The correct answer is D. Email Spoofing. Sending an email that displays an internal company address in the From field while actually originating from an external source demonstrates email spoofing - the forging of the sender address to impersonate a legitimate user.
Question
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ's email gateway doesn't prevent what?
Options
- AEmail Masquerading
- BEmail Harvesting
- CEmail Phishing
- DEmail Spoofing
How the community answered
(18 responses)- A6% (1)
- D94% (17)
Why each option
Sending an email that displays an internal company address in the From field while actually originating from an external source demonstrates email spoofing - the forging of the sender address to impersonate a legitimate user.
Email masquerading typically refers to a user or process assuming another user's identity within a system, which is a related but broader concept than the specific act of forging SMTP From headers.
Email harvesting is the automated collection of email addresses from various sources for use in spam or targeted attacks, and is unrelated to forging message sender fields.
Email phishing is a social engineering technique that tricks recipients into revealing credentials or clicking malicious links - it may use spoofing as a tactic, but phishing describes the deceptive intent, not the technical forgery of the sender address.
Email spoofing refers to forging the From header of an email message so that it appears to originate from a different, often trusted, address than the actual sender. Because the message was sent from an external New York office but displayed an internal companyxyz.com address and was successfully delivered, the gateway failed to detect or block the spoofed sender address.
Concept tested: Email spoofing and perimeter gateway sender validation
Source: https://learn.microsoft.com/en-us/defender-office-365/anti-spoofing-protection
Topics
Community Discussion
No community discussion yet for this question.