The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees. Which of the following would BEST prevent this issue?
A. Include digital signatures on messages originating within the company.
B. Require users to authenticate to the SMTP server.
C. Implement DKIM to perform authentication that will prevent the issue.
D. Set up an email analysis solution that looks for known malicious links within the email.
Drawing from my email security experience...
A - The most likely answer. Digital signatures are just that: signatures that should apply only to you. They provide non-repudiation (you can't deny that you sent it, or at the very least that your machine sent it, or that someone who has the crypto keys sent it).
B - This doesn't really stop anything. Sure, you have to log in to use your email, but anyone can still spoof you (email is inherently and insanely insecure).
C - DKIM is nice as part of email authentication (use DMARC with SPF/DKIM), but DKIM doesn't care about the 'friendly from' headers that users see in their mailbox. You can still very much spoof the 'from' field and still pass DKIM (I've had to explain this scenario to customers a gazillion times).
D - Doesn't stop the spoofing. Just checks links.
Answer A
I agree with you. DKIM won't stop "friendly from" headers, and D doesn't work either, as the scammer might be trying to trick the user into sending them gift cards, for instance. I had it happen to a user once. They made the email look like it was coming from the manager asking the employee to buy gift cards, and I had to explain why the manager's email hadn't been hacked. The key word of the question is "appear".
C. Implement DKIM to perform authentication that will prevent the issue.
Phishing attacks often involve spoofed emails that appear to come from legitimate sources within the organization. DKIM helps address this issue by providing a way to verify the integrity of the email's source. It won't prevent all phishing attacks, but it can significantly reduce the effectiveness of attacks that rely on impersonating internal senders.
Option A, including digital signatures on messages originating within the company, is related to DKIM, but DKIM is a more specific and widely adopted standard for email authentication.
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. By signing outgoing emails with a private key and allowing the recipient to verify the signature using a public key published in the DNS, DKIM helps prevent email forging and ensures the integrity of the email content. Implementing DKIM can significantly reduce the effectiveness of phishing attacks that rely on spoofing the sender's address.
This question is not clear! Is the threat actor the employee? Did someone else spoof them? If it's a threat actor, then DKIM. But if it's an internal risk, then it's a different approach.
DKIM (DomainKeys Identified Mail) is an email authentication method that allows the sender to prove that they are who they say they are. This helps to prevent phishing emails, which are emails that appear to come from a legitimate source but are actually from a malicious actor.
DKIM allows organizations to add content to messages to identify them as being from their domain. DKIM signs both the body of the message and elements of the header, helping to ensure that the message is actually from the organization it claims to be from.
By implementing DKIM, an organization can ensure that emails appearing to come from within the company are legitimate and have not been spoofed by an attacker. This can help prevent employees from falling victim to phishing emails.
Option A, including digital signatures on messages originating within the company, is a possible solution. However, this would require all employees to have digital signatures, which may not be practical.
While DKIM is also a valid solution for email authentication, it alone does not address the issue of email spoofing or impersonation in the "friendly from" header. Therefore, in this case, the BEST solution to prevent this issue would be to include digital signatures on messages originating within the company.
C. I like both A and C; my thought process is that DKIM validates the sender at the server level. If I spoof a company username in the 'friendly from' field, DKIM should not allow it, as it was sent from a mail server that is not validated.
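As an added example (not posted by any commenter above), the following Python check illustrates the "friendly from" point raised in several comments: a message can carry a DKIM signature whose d= domain is aligned with its From: address and still impersonate an employee in the display name. The company domain, the employee directory and both message headers are constructed assumptions.

```python
import email
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the vendor's own mail domain
# Constructed directory of internal senders, keyed by lower-cased display name.
EMPLOYEES = {"jane manager": "jane.manager@example.com"}

def dkim_signing_domain(msg):
    """Return the d= tag of the DKIM-Signature header, or None if absent."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    # Unfold the header and split the tag=value list; b= may contain '='.
    tags = dict(tag.strip().split("=", 1)
                for tag in sig.replace("\r", "").replace("\n", "").split(";")
                if "=" in tag)
    return tags.get("d", "").strip().lower() or None

def check_friendly_from(raw_message):
    """Flag display-name impersonation that DKIM alignment alone passes."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    d = dkim_signing_domain(msg)
    # DMARC-style alignment: the signer's domain equals the From: domain.
    aligned = d is not None and d == from_domain
    # The display name belongs to an employee, but the address is not theirs.
    known = EMPLOYEES.get(display.strip().lower())
    impersonation = known is not None and addr.lower() != known
    return {"display": display, "address": addr, "from_domain": from_domain,
            "dkim_aligned": aligned, "display_name_impersonation": impersonation}

# Constructed sample: genuine internal mail, signed by the company domain.
LEGIT = """From: Jane Manager <jane.manager@example.com>
To: employee@example.com
Subject: Q3 budget
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED

Please review the attached figures."""

# Constructed sample: external domain signs its own mail, display name spoofed.
SPOOFED = """From: "Jane Manager" <jane.manager@attacker-example.net>
To: employee@example.com
Subject: Urgent - gift cards
DKIM-Signature: v=1; a=rsa-sha256; d=attacker-example.net; s=sel1;
 h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED

Buy six gift cards and send me the codes."""
```

Running `check_friendly_from` on both samples shows the spoofed message is DKIM-aligned yet flagged, which is why a display-name check or per-sender signatures is needed on top of DKIM/DMARC.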