CAS-005 Question #480: Real Exam Question with Answer & Explanation
The correct answer is B: Change the DMARC policy to "reject" and remove references to the server.
Question
A security engineer discovers that some legacy systems are still in use or were not properly decommissioned. After further investigation, the engineer identifies that an unknown and potentially malicious server is also sending emails on behalf of the company. The security engineer extracts the following data for review:

Which of the following actions should the security engineer take next? (Choose two.)
Options
- A. Rotate the DKIM selector to use another key.
- B. Change the DMARC policy to "reject" and remove references to the server.
- C. Remove the unnecessary servers from the SPF record.
- D. Change the SPF record to enforce the hard fail parameter.
- E. Update the MX record to contain only the primary email server.
- F. Change the DMARC policy to none and monitor email flow to establish a new baseline.
Explanation
Changing the DMARC policy to "reject" and removing references to the unauthorized server will prevent malicious emails from being delivered, strengthening protection against spoofing. Enforcing the hard fail parameter in the SPF record ensures that emails from unauthorized servers are rejected, further securing the organization’s email infrastructure.