Which DNS record type is used to verify domain ownership for email security protocols like SPF and DKIM?
Correct. TXT records store arbitrary text, used for SPF and DKIM.
Why this answer
SPF and DKIM records are stored as TXT records in DNS. SPF records specify which mail servers are authorized to send email for a domain, while DKIM records contain a public key used to verify email signatures. Both are implemented via TXT records, not other record types.
Exam trap
Cisco often tests the misconception that SPF or DKIM use a dedicated record type like SPF or DKIM, when in fact both rely on TXT records, and candidates may incorrectly choose MX or CNAME due to their association with email or aliasing.
How to eliminate wrong answers
Option A is wrong because CNAME records create an alias for a domain name and cannot contain the arbitrary text data required for SPF or DKIM policies. Option C is wrong because MX records specify mail exchange servers for routing email, not for storing authentication or verification data. Option D is wrong because NS records delegate a domain to authoritative name servers and have no role in email security protocol verification.