nerdexam
EC-Council

312-50V10 · Question #791

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an empl

The correct answer is D. Email Spoofing. Sending an email that displays an internal company address in the From field while actually originating from an external source demonstrates email spoofing - the forging of the sender address to impersonate a legitimate user.

Social Engineering

Question

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ's email gateway doesn't prevent what?

Options

  • AEmail Masquerading
  • BEmail Harvesting
  • CEmail Phishing
  • DEmail Spoofing

How the community answered

(18 responses)
  • A
    6% (1)
  • D
    94% (17)

Why each option

Sending an email that displays an internal company address in the From field while actually originating from an external source demonstrates email spoofing - the forging of the sender address to impersonate a legitimate user.

AEmail Masquerading

Email masquerading typically refers to a user or process assuming another user's identity within a system, which is a related but broader concept than the specific act of forging SMTP From headers.

BEmail Harvesting

Email harvesting is the automated collection of email addresses from various sources for use in spam or targeted attacks, and is unrelated to forging message sender fields.

CEmail Phishing

Email phishing is a social engineering technique that tricks recipients into revealing credentials or clicking malicious links - it may use spoofing as a tactic, but phishing describes the deceptive intent, not the technical forgery of the sender address.

DEmail SpoofingCorrect

Email spoofing refers to forging the From header of an email message so that it appears to originate from a different, often trusted, address than the actual sender. Because the message was sent from an external New York office but displayed an internal companyxyz.com address and was successfully delivered, the gateway failed to detect or block the spoofed sender address.

Concept tested: Email spoofing and perimeter gateway sender validation

Source: https://learn.microsoft.com/en-us/defender-office-365/anti-spoofing-protection

Topics

#email spoofing#email gateway bypass#sender forgery#email security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice