
CompTIA Exam CS0-003 Topic 2 Question 41 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 41
Topic #: 2

A security analyst reviews a SIEM alert related to a suspicious email and wants to verify the authenticity of the message:

SPF = PASS

DKIM = FAIL

DMARC = FAIL

Which of the following did the analyst most likely discover?

Suggested Answer: B

Explanation:

The SPF = PASS result confirms the email came from an authorized server, but DKIM = FAIL indicates the message was not properly signed with the expected DomainKeys Identified Mail (DKIM) signature. DMARC = FAIL suggests that because DKIM failed, the overall email authentication failed. This scenario is consistent with a legitimate server sending an unsigned email.


CompTIA CySA+ All-in-One Guide (Chapter 5: Email Analysis)

CompTIA CySA+ Practice Tests (Domain 1.3 Email Authentication)
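
An added example (not part of the original page or of any CompTIA material): it parses a constructed `Authentication-Results` header carrying the question's SPF pass / DKIM fail / DMARC fail pattern and, going beyond the explanation above, checks the identifier alignment that DMARC (RFC 7489) requires before an SPF or DKIM pass counts. The domains, the function names and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import email
import re

# Constructed sample message (not from the page); all domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mailer.example;
 dkim=fail header.d=example.org;
 dmarc=fail header.from=example.org
From: Billing <billing@example.org>
Subject: Invoice

body
"""

def parse_auth_results(raw):
    """Return {method: (result, {property: value})} from Authentication-Results."""
    msg = email.message_from_string(raw)
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop (comments); the first clause is the authserv-id.
        text = re.sub(r"\([^)]*\)", "", " ".join(str(header).split()))
        for clause in text.split(";")[1:]:
            m = re.match(r"\s*(\w+)=(\w+)(.*)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
                out.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return out

def org_domain(domain):
    # Assumption: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Report each verdict and whether a pass is aligned with the From: domain."""
    res = parse_auth_results(raw)
    spf, spf_p = res.get("spf", ("none", {}))
    dkim, dkim_p = res.get("dkim", ("none", {}))
    dmarc, dmarc_p = res.get("dmarc", ("none", {}))
    from_dom = org_domain(dmarc_p.get("header.from", ""))
    mailfrom = org_domain(spf_p.get("smtp.mailfrom", "").split("@")[-1])
    signer = org_domain(dkim_p.get("header.d", ""))
    spf_aligned = bool(from_dom) and spf == "pass" and mailfrom == from_dom
    dkim_aligned = bool(from_dom) and dkim == "pass" and signer == from_dom
    return {"spf": spf, "dkim": dkim, "dmarc": dmarc,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "computed_dmarc": "pass" if spf_aligned or dkim_aligned else "fail"}
```

On the sample, `triage(SAMPLE)` reports the SPF pass as unaligned with the `From:` domain, so neither mechanism satisfies DMARC and the computed verdict matches the header's `dmarc=fail`.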

Contribute your Thoughts:

Bobbye
18 days ago
You know, I bet the analyst was just sitting there, staring at the screen, wondering if they should call the IT guy or order a pizza. Option B is the winner, but I could go for a slice right about now.
upvoted 0 times
Adell
22 hours ago
I think the message was sent from an authorized mail server but was not signed.
upvoted 0 times
...
...
Leonida
19 days ago
Haha, the analyst must have been like, 'Wait, is this a real alert or just a prank?' Option B is the way to go, but where's the fun in that?
upvoted 0 times
Quiana
4 days ago
I think the email was sent from an authorized server but wasn't signed.
upvoted 0 times
...
...
Lazaro
20 days ago
Alright, let's see... SPF passes, DKIM fails, DMARC fails. Sounds like an authorized server but a missing signature. Option B it is!
upvoted 0 times
...
Tracey
21 days ago
Oh man, I bet the analyst was sweating bullets trying to figure this one out. Option B seems like the clear choice, but you never know with these tricky security questions.
upvoted 0 times
...
Lauran
22 days ago
You know, I bet the security analyst is kicking themselves for not double-checking the email logs. Option D is probably the way to go here.
upvoted 0 times
...
Marva
23 days ago
I believe the answer is B, as SPF passing and DKIM/DMARC failing points to lack of proper email authentication.
upvoted 0 times
...
Pearline
25 days ago
Could it be that the email security software did not process all of the records correctly?
upvoted 0 times
...
Tashia
30 days ago
Hmm, if the SPF passed but the DKIM and DMARC failed, it seems like the message was sent from an authorized server but not properly signed. Option B seems the most likely.
upvoted 0 times
Jamal
14 days ago
I agree, it does seem like the message was sent from an authorized server but not properly signed.
upvoted 0 times
...
...
Devora
1 month ago
I agree with Lavina, DKIM and DMARC failing indicates lack of proper email signing.
upvoted 0 times
...
Lavina
1 month ago
I think the analyst discovered that the message was sent from an authorized mail server but was not signed.
upvoted 0 times
...
