
CompTIA Exam CS0-003 Topic 2 Question 41 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 41
Topic #: 2

A security analyst reviews a SIEM alert related to a suspicious email and wants to verify the authenticity of the message:

SPF = PASS

DKIM = FAIL

DMARC = FAIL

Which of the following did the analyst most likely discover?

Suggested Answer: B

Comprehensive and Detailed Step-by-Step:

The SPF = PASS result confirms the email came from an authorized server, but DKIM = FAIL indicates the message was not properly signed with the expected DomainKeys Identified Mail (DKIM) signature. DMARC = FAIL suggests that because DKIM failed, the overall email authentication failed. This scenario is consistent with a legitimate server sending an unsigned email.


CompTIA CySA+ All-in-One Guide (Chapter 5: Email Analysis)

CompTIA CySA+ Practice Tests (Domain 1.3 Email Authentication)

Contribute your Thoughts:

Bobbye
7 days ago
You know, I bet the analyst was just sitting there, staring at the screen, wondering if they should call the IT guy or order a pizza. Option B is the winner, but I could go for a slice right about now.
upvoted 0 times
...
Leonida
8 days ago
Haha, the analyst must have been like, 'Wait, is this a real alert or just a prank?' Option B is the way to go, but where's the fun in that?
upvoted 0 times
...
Lazaro
9 days ago
Alright, let's see... SPF passes, DKIM fails, DMARC fails. Sounds like an authorized server but a missing signature. Option B it is!
upvoted 0 times
...
Tracey
10 days ago
Oh man, I bet the analyst was sweating bullets trying to figure this one out. Option B seems like the clear choice, but you never know with these tricky security questions.
upvoted 0 times
...
Lauran
11 days ago
You know, I bet the security analyst is kicking themselves for not double-checking the email logs. Option D is probably the way to go here.
upvoted 0 times
...
Marva
12 days ago
I believe the answer is B, as SPF passing and DKIM/DMARC failing points to lack of proper email authentication.
upvoted 0 times
...
Pearline
14 days ago
Could it be that the email security software did not process all of the records correctly?
upvoted 0 times
...
Tashia
19 days ago
Hmm, if the SPF passed but the DKIM and DMARC failed, it seems like the message was sent from an authorized server but not properly signed. Option B seems the most likely.
upvoted 0 times
Jamal
3 days ago
I agree, it does seem like the message was sent from an authorized server but not properly signed.
upvoted 0 times
...
...
Devora
24 days ago
I agree with Lavina, DKIM and DMARC failing indicates lack of proper email signing.
upvoted 0 times
...
Lavina
25 days ago
I think the analyst discovered that the message was sent from an authorized mail server but was not signed.
upvoted 0 times
...
