Chapter 93 · Quiz

Email Security — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
A receiving mail server checks an inbound message and finds that the sending server’s IP address is not listed in the sender domain’s DNS TXT record for authorized mail sources. Which email authentication technology detected this, and what does its record contain?
Question 2 of 6
A domain owner wants to prove that outgoing emails were actually sent from their mail server and that the message content was not altered in transit. Which technology should be configured, and how does the receiving server validate it?
Question 3 of 6
An organization deploys SPF and DKIM. Phishing emails claiming to be from their domain are still reaching recipients at other organizations because those organizations’ mail servers do not know what to do when SPF or DKIM fails. Which additional technology addresses this gap?
Question 4 of 6
A security administrator is setting up DMARC for the first time. A colleague recommends starting with p=reject to immediately block all unauthenticated emails. The administrator instead chooses p=none first. Why is the administrator’s approach correct?
Question 5 of 6
A company adds a new cloud-based CRM system that sends automated emails on the company’s behalf. Within days, recipients report that these emails are landing in spam. SPF, DKIM, and DMARC are already configured with p=quarantine. What is the MOST likely cause?
Question 6 of 6
A domain owner reviews their DMARC aggregate reports and discovers that thousands of emails per day are being sent worldwide claiming to be from their domain, but the sending IPs are not in their SPF record and have no DKIM signatures. What is this evidence of, and what DMARC policy change would instruct all receiving mail servers to discard these emails?

Matching

Match each description to the correct email authentication technology.

1. A DNS TXT record published by the domain owner listing all servers authorized to send email on behalf of the domain; checked by receiving servers against the sending server’s IP address
2. A mechanism where the sending mail server signs outgoing messages with a private key and publishes the corresponding public key in a DNS TXT record for receiving servers to verify
3. An extension of the two other email authentication technologies that specifies the disposal policy (none/quarantine/reject) for failing messages and sends compliance reports to the domain owner
4. The organizational device that acts as the gatekeeper for inbound email, evaluating messages before they reach end users and applying filtering, scanning, and authentication checks
A. SPF
B. DKIM
C. DMARC
D. Mail Gateway