Enterprise Network Security
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Configuring filtering: firewall, web, DNS, and the OS
- Email security: SPF, DKIM, DMARC, and the gateway
- Endpoint and data controls: FIM, DLP, NAC, EDR/XDR, UBA
Email authentication: what each record checks
| Mechanism | What it authenticates | Where published | Checks which identity | Failure-handling role |
|---|---|---|---|---|
| SPF | Which sending-MTA IPs are authorized for the domain | DNS TXT record | Envelope-From / MAIL FROM (RFC5321) domain | Pass/fail of source IP; no action of its own |
| DKIM | Cryptographic signature over headers + body (integrity + signing domain) | DNS TXT record (selector holds public key) | Signing domain in the DKIM d= tag | Pass/fail of signature; no action of its own |
| DMARC | Alignment of an SPF- or DKIM-passing domain with the visible From | DNS TXT record (_dmarc subdomain) | Header From (RFC5322) domain, must align | Sets policy none / quarantine / reject + reporting |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.