Cisco 300-720 Practice Test - Questions Answers, Page 10
Question 91

A Cisco ESA administrator has noticed that new messages being sent to the Centralized Policy Quarantine are being released after one hour. Previously, they were being held for a day before being released. What was configured that caused this to occur?
The retention period was changed to one hour.
The threshold settings were set to override the clock settings.
The retention period was set to default.
The threshold settings were set to default.
Explanation:
You can configure Policy, Virus, and Outbreak Quarantines in any one of the following ways:
Choose Quarantine > Other Quarantine > View > +.
Choose Monitor > Policy, Virus, and Outbreak Quarantines and do one of the following.
Click Add Policy Quarantine.
Keep the following in mind: changing the retention time of the File Analysis quarantine from the default of one hour is not recommended.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_011111.html?bookSearch=true
Question 92

What are organizations trying to address when implementing a SPAM quarantine?
true positives
false negatives
false positives
true negatives
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0100000.html#con_1482874
False positives are legitimate messages that are incorrectly identified as spam by the Cisco ESA. Organizations may want to implement a spam quarantine to reduce the risk of losing false positive messages and allow users or administrators to review and release them. Reference = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Spam Quarantine [Cisco Secure Email Gateway] - Cisco
Question 93

Which two Cisco ESA features are used to control email delivery based on the sender? (Choose two.)
incoming mail policies
spam quarantine
outbreak filter
safelists
blocklists
Explanation:
Safelists and blocklists are features on Cisco ESA that allow you to control email delivery based on the sender. Safelists are lists of sender addresses or domains that you want to accept or exempt from certain filtering actions. Blocklists are lists of sender addresses or domains that you want to reject or drop. Reference = Securing Email with Cisco Email Security Appliance (SESA) v3.1
Question 94

What is the purpose of checking the CRL during SMTP authentication on a Cisco Secure Email Gateway?
Validate the date to check if the certificate is still valid
Check if the certificate is not revoked.
Confirm that corresponding CA is present
Verify the common name matches user ID
Explanation:
The purpose of checking the Certificate Revocation List (CRL) during SMTP authentication on a Cisco Secure Email Gateway is to check if the certificate is not revoked by the issuing Certificate Authority (CA). A revoked certificate means that it is no longer valid and should not be trusted. Reference = [User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring SMTP Authentication [Cisco Secure Email Gateway] - Cisco]
Question 95

An organization wants to designate help desk personnel to assist with tickets that request the release of messages from the spam quarantine because company policy does not permit direct end-user access to the quarantine. Which two roles must be used to allow help desk personnel to release messages while restricting their access to make configuration changes in the Cisco Secure Email Gateway? (Choose two.)
Administrator
Help Desk User
Read-Only Operator
Technician
Quarantine Administrator
Explanation:
All users with administrator privileges can change spam quarantine settings and view and manage messages in the spam quarantine. You do not need to configure spam quarantine access for administrator users.
If you configure access to the spam quarantine for users with the following roles, they can view, release, and delete messages in the spam quarantine:
-Operator
-Read-only operator
-Help desk user
-Guest
-Custom user roles that have spam quarantine privileges
These users cannot access spam quarantine settings.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100000.html?bookSearch=true#con_1624156
Question 96

When the spam quarantine is configured on the Cisco Secure Email Gateway, which type of query is used to validate non-administrative user access to the end-user quarantine via LDAP?
spam quarantine end-user authentication
spam quarantine alias consolidation
spam quarantine external authorization
local mailbox (IMAP/POP) authentication
Explanation:
The spam quarantine end-user authentication query is used to validate non-administrative user access to the end-user quarantine via LDAP. This query is configured in the System Administration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI. The other queries are not related to this task. The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login. The spam quarantine external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager. The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP.
Question 97

An administrator notices that incoming emails with certain attachments do not get delivered to all recipients when the emails have multiple recipients in different domains like cisco.com and test.com. The same emails when sent only to recipients in cisco.com are delivered properly. How must the Cisco Secure Email Gateway be configured to avoid this behavior?
Modify mail policies for cisco.com to ensure that emails are not dropped.
Modify mail policies so email recipients do not match multiple policies.
Modify DLP configuration to ensure that all attachments are permitted for test.com.
Modify DLP configuration to exempt DLP scanning for messages sent to test.com domain
Explanation:
By modifying the mail policies, specifically the recipient matching criteria, you can ensure that email recipients do not match multiple policies simultaneously. When recipients in the email message belong to different domains (e.g., cisco.com and test.com), it can result in multiple policies being triggered simultaneously, leading to inconsistent delivery of emails with attachments.
DLP is for outgoing mail only and not relevant to incoming mail.
Question 98

An engineer is tasked with creating a content filter to catch attachments, including credit card numbers, and hold them for review until further action is taken. Which component on a Cisco Secure Email Gateway must be configured to meet this requirement?
Spam Quarantine
Policy Quarantine
Outbreak Filter
Content Filter
Explanation:
A content filter is the component on a Cisco Secure Email Gateway that must be configured to catch attachments, including credit card numbers, and hold them for review until further action is taken. A content filter allows you to define rules based on message content and apply actions such as quarantine, encrypt, or modify. Reference = [User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Content Filters [Cisco Secure Email Gateway] - Cisco]
Question 99

Which of the following two steps are required to enable Cisco SecureX integration on a Cisco Secure Email Gateway appliance? (Choose two.)
Paste in the Registration Token generated from the Smart Licensing Account
Enable the Threat Response service under Network > Cloud Service Settings.
Select the correct Threat Response Server based on your region.
Paste in the Registration Token generated from the Security Services Exchange.
Enable the Security Services Exchange service under Network > Cloud Service Settings
Explanation:
One of the methods to enable Cisco SecureX integration on a Cisco Secure Email Gateway appliance is to use the Threat Response service. This service allows the appliance to send telemetry data to the SecureX cloud and provide visibility and response capabilities across multiple security products. To use this service, the administrator needs to perform the following steps:
Enable the Threat Response service: The administrator needs to go to Network > Cloud Service Settings and enable the Threat Response service. This will generate a registration token that can be used to register the appliance with SecureX.
Select the correct Threat Response Server: The administrator needs to select the appropriate Threat Response server based on the region where the appliance is located. The available regions are North America, Europe, and Asia Pacific.
Question 100

What are the two different phases in the process of Cisco Secure Email Gateway performing S/MIME encryption? (Choose two.)
Attach the encrypted public key to the message
Encrypt the message body using the session key
Send the encrypted message to the sender
Attach the encrypted symmetric key to the message
Create a pseudo-random session key.