Cisco 300-720 Practice Test - Questions Answers, Page 11

Custom policy is a type of DLP policy template that must be used to create a policy that meets this requirement. Custom policy allows the administrator to define their own criteria for detecting sensitive or confidential data in messages, such as keywords, regular expressions, file types, etc.

To create a custom DLP policy on Cisco ESA, the administrator can follow these steps:

Select Mail Policies > DLP Policy Manager and click Add Policy.

Enter a name and description for the DLP policy, such as Patent Protection.

Under Policy Template, select Custom Policy.

Click Submit.

Under Content Matching Criteria, click Add Criteria.

Choose a matching type, such as Keyword or Regular Expression, and enter a value that matches the proprietary patent documents, such as "patent number" or "\d{4}/\d{6}".

Click Submit.

The other options are not valid types of DLP policy templates to create a policy that meets this requirement, because they are predefined templates that do not match the proprietary patent documents.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 9-3 and page 9-5.

Accept is the action that must be set for messages that result in temporary failure to prevent these emails from being rejected. Accept allows Cisco ESA to deliver the messages without applying any DMARC actions or modifications.

To configure the accept action for messages that result in temporary failure on Cisco ESA, the administrator can follow these steps:

Select Mail Policies > DMARC Verification Profile and click Edit Settings for the DMARC verification profile that applies to the messages.

Under DMARC Actions, select Accept from the drop-down menu for Messages That Result in Temporary Failure.

Click Submit.

The other options are not valid actions for messages that result in temporary failure to prevent these emails from being rejected, because they either apply DMARC actions or modifications or do nothing.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 11-4 and page 11-5.

Enabling regional scanning improves security for this organization when most of the received email originates from a specific region. Regional scanning is a feature that allows Cisco ESA to apply different spam thresholds and actions based on the geographic region of the sender's IP address, using a database of IP addresses and regions.

To enable regional scanning on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam and click Edit Settings.

Under Regional Scanning, select Enable Regional Scanning.

Click Submit.

Select Security Services > IronPort Anti-Spam > Regional Settings and click Add Region.

Choose a region from the drop-down menu, such as Asia Pacific.

Enter a spam threshold and an action for that region, such as 80 and Drop.

Click Submit.

[email protected] is the data that must be added to the dictionary to accomplish this goal. A content dictionary is a list of values that can be used as a condition in a content filter or a message filter. Forged Email Detection is a feature that allows Cisco ESA to detect and prevent email spoofing attacks, where the sender's address or domain is forged to appear as someone else, such as the CEO of the organization.

To create a content dictionary for use with Forged Email Detection on Cisco ESA, the administrator can follow these steps:

Select Mail Policies > Content Dictionaries and click Add Dictionary.

Enter a name and description for the content dictionary, such as CEO Email.

Under Dictionary Values, click Add Value.

Enter the email address of the CEO, such as [email protected].

Click Submit.

Enabling End-User Quarantine Access and pointing to an LDAP server for authentication is the action that must be taken to meet this requirement. End-User Quarantine Access is a feature that allows users to access their personal quarantine on Cisco ESA using their email address and password, without requiring an administrator account or access to Secure Email and Web Manager.

To enable End-User Quarantine Access on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam > End User Safelist/Blocklist Settings and click Edit Settings.

Under End User Quarantine Access, select Enable End User Quarantine Access.

Under Authentication Server, select LDAP Server from the drop-down menu and choose an LDAP server profile from the drop-down menu.

Click Submit.

Configuring the outbound firewall rule to permit traffic on port 3237 is the additional action that resolves the issue. AMP file reputation is a feature that allows Cisco ESA to check files attached to messages against a cloud-based database of known malicious files and apply appropriate actions, such as block, deliver, or quarantine.

By default, AMP file reputation uses TCP port 3237 to communicate with the cloud-based database.

If this port is blocked by a firewall, AMP file reputation will not work properly.

To resolve this issue, the administrator can configure the outbound firewall rule to permit traffic on port 3237 from Cisco ESA.

The other options are not valid actions to resolve the issue, because they do not affect the port used by AMP file reputation.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 7-5 and page 7-6.

spf-status is the section of the filter that must be modified to correct this behavior. spf-status is a condition that determines whether a message matches the content filter rule based on the result of SPF verification, such as pass, fail, neutral, etc.

The content filter in the exhibit has a spf-status condition set to "Pass", which means that it will match messages that passed SPF verification and apply the action of "Quarantine". This is the opposite of what the network engineer intended to do.

To correct this behavior, the network engineer can modify the spf-status condition to "Fail", which means that it will match messages that failed SPF verification and apply the action of "Quarantine".

The other options are not valid sections of the filter that must be modified to correct this behavior, because they do not affect the spf-status condition.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.

Direct access via web browser requires authentication is the restriction that is in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances. Spam quarantine is a feature that allows Cisco ESA to store messages that are suspected to be spam and allow end users or administrators to review them and release or delete them as needed.

End users can access their personal spam quarantine on Cisco ESA either by clicking on a link in a notification email or by entering their email address and password in a web browser. In both cases, authentication is required to ensure security and privacy.

The other options are not valid restrictions that are in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances, because they are either not mandatory or not related to authentication.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 10-2 and page 10-3.