Cisco 300-720 Practice Test - Questions Answers, Page 10

Reference:

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0100000.html#con_1482874

False positives are legitimate messages that are incorrectly identified as spam by the Cisco ESA. Organizations may want to implement a spam quarantine to reduce the risk of losing false positive messages and allow users or administrators to review and release them2. Reference = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Spam

Quarantine [Cisco Secure Email Gateway] - Cisco

Safelists and blocklists are features on Cisco ESA that allow you to control email delivery based on the sender. Safelists are lists of sender addresses or domains that you want to accept or exempt from certain filtering actions. Blocklists are lists of sender addresses or domains that you want to reject or drop3. Reference = Securing Email with Cisco Email Security Appliance (SESA) v3.1

The purpose of checking the Certificate Revocation List (CRL) during SMTP authentication on a Cisco

Secure Email Gateway is to check if the certificate is not revoked by the issuing Certificate Authority (CA). A revoked certificate means that it is no longer valid and should not be trusted. Reference = [User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) -Configuring SMTP Authentication [Cisco Secure Email Gateway] - Cisco]

All users with administrator privileges can change spam quarantine settings and view and manage messages in the spam quarantine. You do not need to configure spam quarantine access for administrator users.

If you configure access to the spam quarantine for users with the following roles, they can view, release, and delete messages in the spam quarantine:

-Operator

-Read-only operator

-Help desk user

-Guest

-Custom user roles that have spam quarantine privileges

These users cannot access spam quarantine settings.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100000.html?bookSearch=true#con_1624156

spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP1. This query is configured in the System Administration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI1. The other queries are not related to this task. The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login2. The spam quarantine external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager3. The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP2.

By modifying the mail policies, specifically the recipient matching criteria, you can ensure that email recipients do not match multiple policies simultaneously. When recipients in the email message belong to different domains (e.g., cisco.com and test.com), it can result in multiple policies being triggered simultaneously, leading to inconsistent delivery of emails with attachments.

DLP is for outgoing mail only and not relevant to incoming mail.

Content filter is a component on a Cisco Secure Email Gateway that must be configured to catch attachments, including credit card numbers, and hold them for review until further action is taken.

Content filter allows you to define rules based on message content and apply actions such as quarantine, encrypt, or modify. Reference = [User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Content Filters [Cisco Secure Email Gateway] - Cisco]

one of the methods to enable Cisco SecureX integration on a Cisco Secure Email Gateway appliance is to use the Threat Response service1. This service allows the appliance to send telemetry data to the SecureX cloud and provide visibility and response capabilities across multiple security products1. To use this service, the administrator needs to perform the following steps1:

Enable the Threat Response service: The administrator needs to go to Network > Cloud Service Settings and enable the Threat Response service. This will generate a registration token that can be used to register the appliance with SecureX1.

Select the correct Threat Response Server: The administrator needs to select the appropriate Threat Response server based on the region where the appliance is located. The available regions are North America, Europe, and Asia Pacific1.