Cisco 300-720 Practice Test - Questions Answers, Page 3

With DomainKeys or DKIM email authentication, the sender signs the email using public key cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on the appliance. https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010101.html?bookSearch=true

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-1/user_guide/b_ESA_Admin_Guide_12_1/b_ESA_Admin_Guide_12_1_chapter_011.pdf (p.1)

Non-final actions are actions that do not terminate the message filter evaluation, such as adding headers, setting variables, logging, etc. Final actions are actions that end the message filter evaluation and determine the fate of the message, such as accept, drop, bounce, quarantine, etc.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 3-4.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01000.html

Spam threshold is a setting that determines the minimum score that a message must have to be classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-5.

Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118220-technote- esa-00.html

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01011.html

According to the User Guide for AsyncOS 12.0 for Cisco Email Security Appliances2, the order of virus scanning when multilayer antivirus scanning is configured is as follows:

The McAfee engine scans the message first. If the McAfee engine detects a virus, the message is dropped or repaired, depending on the configuration. If the McAfee engine does not detect a virus, the message is passed to the next layer of scanning.

The Sophos engine scans the message second. If the Sophos engine detects a virus, the message is dropped or repaired, depending on the configuration. If the Sophos engine does not detect a virus, the message is delivered to the recipient.

End user safelist is a feature that allows end users to specify email addresses or domains that they want to receive messages from, regardless of the spam verdict or action assigned by Cisco ESA.

Messages from senders on the end user safelist are delivered to the end user's inbox without any spam filtering.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-13.

Undesirable URL protection is a feature that allows Cisco ESA to detect and block messages that contain URLs that lead to malicious or unwanted websites, such as phishing, malware, or adult content sites. To enable this feature, outbreak filters and antispam scanning must be enabled on Cisco ESA.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-17.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01111.html

According to the User Guide1, the steps to configure End-User Access to the Spam Quarantine via LDAP are as follows:

On the ESA, choose System Administration > LDAP > LDAP Server Profile page.

Click Add LDAP Server Profile.

Enter a name for the profile and click Submit.

Click Add Query.

Enter a name for the query and click Submit.

Configure the query settings, such as server address, port number, base DN, scope, filter, and attributes.

Check the Spam Quarantine End-User Authentication Query check box. This is the suboption that enables LDAP authentication for end users who access the spam quarantine.

Check the Designate as the active query check box. This is the suboption that specifies which query to use for end-user authentication. Only one query can be active at a time.

Click Submit and commit changes.

On the ESA, choose Monitor > Spam Quarantine > End-User Quarantine Access.

Check the Enable End-User Quarantine Access check box.

Choose LDAP from the End-User Authentication drop-down list.

Select the LDAP profile and query that you created earlier from the drop-down lists.

Click Submit and commit changes.

Reference: https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma11-5/user_guide/ b_SMA_Admin_Guide_11_5/b_SMA_Admin_Guide_11_5_chapter_01010.html

Before a custom quarantine that is being used can be deleted, it must be removed from the message action of any filter that is using it on Cisco ESA. Otherwise, an error message will appear stating that the quarantine cannot be deleted because it is in use.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-5.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011111.html