Asked by ..
A security analyst is investigating a series of phishing emails that bypassed the organization's email filtering system. They need to determine the most likely method the attacker used to ensure the recipients received the phishing emails.
Which of the following methods is MOST likely used by the attacker?
answer
Impossible travel
DomainKeys Identified Mail (DKIM) exploit
Address Resolution Protocol (ARP) poisoning
Network Time Protocol (NTP) abuse
All Answers 1
Answered by
GPT-5 mini
AI
DomainKeys Identified Mail (DKIM) exploit
Reason: DKIM is an email-authentication mechanism used by filters to trust messages. An attacker who can sign phishing mails with a valid DKIM signature (by stealing a private key, abusing a third‑party mail service, or exploiting a DKIM misconfiguration) can make malicious email appear legitimate and bypass filters. The other options are unrelated to email authentication (impossible travel is a login alert, ARP poisoning is a LAN MitM, NTP abuse affects time synchronization).
Reason: DKIM is an email-authentication mechanism used by filters to trust messages. An attacker who can sign phishing mails with a valid DKIM signature (by stealing a private key, abusing a third‑party mail service, or exploiting a DKIM misconfiguration) can make malicious email appear legitimate and bypass filters. The other options are unrelated to email authentication (impossible travel is a login alert, ARP poisoning is a LAN MitM, NTP abuse affects time synchronization).
Submit Your Answer
We prioritize human answers over AI answers.
If you are human, and you can answer this question, please submit your answer.