SY0-701 · Question #578
The correct answer is C: Scan email traffic inline.
Question
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
Options
- A. Apply IP address reputation data.
- B. Tap and monitor the email feed.
- C. Scan email traffic inline.
- D. Check SPF records.
Explanation
Scanning email traffic inline means the solution sits directly in the mail flow path and inspects every message - including attachments - before it reaches the recipient's inbox, allowing malicious content to be blocked in real time. This is the only option that actually intercepts and acts on the threat before delivery.
Why the distractors are wrong:
- A (IP reputation): IP reputation identifies suspicious sending servers, but a reputable server can still relay a malicious attachment - a reputation check doesn't inspect content.
- B (Tap and monitor): Tapping is passive; it copies traffic for analysis but doesn't block anything. Monitoring after the fact means the malicious attachment already reached the user.
- D (SPF records): SPF verifies that the sending IP address is authorized to send mail for the sender's domain - it combats spoofing, not malicious content inside legitimate emails.
Memory tip: Think of "inline" as a security checkpoint at the door - the email must pass inspection before it's allowed inside. Tapping (B) is a security camera watching after people have already entered; IP reputation (A) and SPF (D) check who is knocking, not what they're carrying.