SY0-301 · Question #521
A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their empl
The correct answer is B. Digital signatures. Digital signatures use asymmetric (public-key) cryptography to cryptographically bind an email to the sender's private key. When the CEO signs outgoing emails with their private key, recipients can use the CEO's public key to verify the signature's authenticity - proving the mess
Question
A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?
Options
- ASpam filter
- BDigital signatures
- CAntivirus software
- DDigital certificates
How the community answered
(37 responses)- A5% (2)
- B92% (34)
- C3% (1)
Explanation
Digital signatures use asymmetric (public-key) cryptography to cryptographically bind an email to the sender's private key. When the CEO signs outgoing emails with their private key, recipients can use the CEO's public key to verify the signature's authenticity - proving the message genuinely originated from the CEO and has not been tampered with. This directly counters impersonation attacks. Digital certificates (D) are the underlying PKI infrastructure that issues and validates keys, but it is the act of applying a digital signature to the email that gives employees assurance of origin. Spam filters and antivirus address different threat vectors and do not verify sender identity.
Topics
Community Discussion
No community discussion yet for this question.