Cisco 300-720 Practice Test - Questions Answers, Page 5

If you store user information within LDAP directories in your network infrastructure you can configure the appliance to query your LDAP servers to accept, route, and authenticate messages.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_011010.html

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_011010.html

Message filters can only be applied to the ESA via command line. So, you will need command line access to the ESA.

Log into the ESA via command line.

Run the following highlighted commands to apply the message filter to the ESA:

ironport.example.com> filters

Choose the operation you want to perform:

- NEW - Create a new filter.

- IMPORT - Import a filter script from a file.

[]> NEW

Enter filter script. Enter '.' on its own line to end.

large_spam_no_attachment:

if ((body-size > 2097152) AND NOT (attachment-size > 0)) {

quarantine("large_spam");

log-entry("*****This is a large message with no attachments*****");

}.

1 filters added.

Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/213940-esa-using-a- message-filter-to-take-act.html

Message splintering is a process that occurs when configuring separate incoming mail policies on Cisco ESA. Message splintering means that Cisco ESA will split a single incoming message into multiple copies, each with a different recipient and policy, and apply different security services and actions to each copy.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 4-2.

When DKIM (DomainKeys Identified Mail) signing is configured on Cisco ESA, the DNS record that must be updated to load the DKIM public signing key is the TXT record. The TXT record is used to store arbitrary text information in the DNS, such as the DKIM public key, which can be retrieved by the recipients to verify the DKIM signature in the message header.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 11-3.

Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/213939-esa- configure-dkim-signing.html

Bounce Verification is a feature that mitigates denial of service attacks on Cisco ESA. A denial of service attack is an attempt to overwhelm a system or network with excessive traffic or requests, rendering it unavailable or slow for legitimate users. Bounce Verification prevents Cisco ESA from accepting bounce messages that are not generated by itself or by trusted hosts, reducing the load on the system and preventing backscatter spam.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 5-8.

Reference: https://www.networkworld.com/article/2305394/ironport-adds-bounce-backverification-for-e- mail.html

The Outbreak Filters feature uses three tactics to protect your users from outbreaks:

Delay.

Redirect.

Modify.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01110.html

Outbreak filters and antivirus are two features that can be applied to either incoming or outgoing mail policies on Cisco ESA. Outbreak filters allow Cisco ESA to detect and block messages that contain new or emerging email threats, such as viruses, worms, phishing, or spam, by using real-time updates from Talos intelligence. Antivirus allows Cisco ESA to scan messages for known viruses and malware using one or two antivirus engines (Sophos and McAfee).

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-16 and page 7-2.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01001.html

To allow the Cisco ESA to encrypt an email using the CRES (Cisco Registered Envelope Service), a provisioned email encryption profile must be configured on Cisco ESA. A provisioned email encryption profile is a type of encryption profile that specifies how messages are encrypted using CRES, such as the encryption key strength, the notification options, the branding settings, etc.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 12-4.

Load balancing and failover are two configurations that can be used on multiple LDAP servers to connect with Cisco ESA. Load balancing means that Cisco ESA will distribute the LDAP queries among the available LDAP servers in a round-robin fashion, improving the performance and efficiency of the

LDAP queries. Failover means that Cisco ESA will switch to another LDAP server if the current one is unavailable or unresponsive, ensuring the continuity and reliability of the LDAP queries.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-8.

You can enter multiple host names to configure the LDAP servers for failover or load-balancing.

Separate multiple entries with commas.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/sma_user_guide/b_SMA_Admin_Guide_ces_11/b_SMA_Admin_Guide_chapter_01010.html