ExamGecko
Search Search Login
Home Home / Cisco / 300-720

Cisco 300-720 Practice Test - Questions Answers, Page 9

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which type of query must be configured when setting up the Spam Quarantine while merging notifications?
A list of company executives is routinely being spoofed, which puts the company at risk of malicious email attacks An administrator must ensure that executive messages are originating from legitimate sending addresses Which two steps must be taken to accomplish this task? (Choose two.)
A Cisco ESA administrator has noticed that new messages being sent to the Centralized Policy Quarantine are being released after one hour. Previously, they were being held for a day before being released. What was configured that caused this to occur?
An engineer is testing mail flow on a new Cisco ESA and notices that messages for domain abc.com are stuck in the delivery queue. Upon further investigation, the engineer notices that the messages pending delivery are destined for 192.168.1.11, when they should instead be routed to 192.168.1.10. What configuration change needed to address this issue?
A network engineer must tighten up the SPAM control policy of an organization due to a recent SPAM attack. In which scenario does enabling regional scanning improve security for this organization?
An administrator is managing multiple Cisco ESA devices and wants to view the quarantine emails from all devices in a central location. How is this accomplished?
Which two query types are available when an LDAP profile is configured? (Choose two.)
What is the order of virus scanning when multilayer antivirus scanning is configured?
An organization wants to use its existing Cisco ESA to host a new domain and enforce a separate corporate policy for that domain. What should be done on the Cisco ESA to achieve this?
Which component must be added to the content filter to trigger on failed SPF Verification or DKIM Authentication verdicts?

Question 81

Report
Export
Collapse

A recent engine update was pulled down for graymail and has caused the service to start crashing. It is critical to fix this as quickly as possible.

What must be done to address this issue?

A.

Roll back to a previous version of the engine from the Services Overview page.

A.

Roll back to a previous version of the engine from the Services Overview page.

Answers
B.

Roll back to a previous version of the engine from the System Health page.

B.

Roll back to a previous version of the engine from the System Health page.

Answers
C.

Download another update from the IMS and Graymail page.

C.

Download another update from the IMS and Graymail page.

Answers
D.

Download another update from the Service Updates page.

D.

Download another update from the Service Updates page.

Answers
Suggested answer: A

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_11_1_chapter_0100010.html#task_9F07A032042F48C6AEDB69D325CD3C5F

To address this issue, the administrator should roll back to a previous version of the engine from the Services Overview page on Cisco ESA. This will restore the functionality of graymail service and prevent it from crashing.

The Services Overview page allows the administrator to view and manage various services on Cisco ESA, such as antivirus, outbreak filters, graymail, etc., and perform actions such as enable/disable, update, or roll back.

The other options are not valid solutions to address this issue, because they do not allow the administrator to roll back to a previous version of the engine for graymail service.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-18 and page 6-19.

Question 82

Report
Export
Collapse

Refer to the exhibit. An engineer needs to change the existing Forged Email Detection message filter so that it references a newly created dictionary named 'Executives'.

What should be done to accomplish this task?

A.

Change "from" to "Executives".

A.

Change "from" to "Executives".

Answers
B.

Change "TESF to "Executives".

B.

Change "TESF to "Executives".

Answers
C.

Change fed' to "Executives".

C.

Change fed' to "Executives".

Answers
D.

Change "support" to "Executives".

D.

Change "support" to "Executives".

Answers
Suggested answer: D

Explanation:

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2240.pdf

Question 83

Report
Export
Collapse

An administrator has created a content filter to quarantine all messages that result in an SPF hardfail to review the messages and determine whether a trusted partner has accidentally misconfigured the DNS settings. The administrator sets the policy quarantine to release the messages after 24 hours, allowing time to review while not interrupting business.

Which additional option should be used to help the end users be aware of the elevated risk of interacting with these messages?

A.

Notify Recipient

A.

Notify Recipient

Answers
B.

Strip Attachments

B.

Strip Attachments

Answers
C.

Notify Sender

C.

Notify Sender

Answers
D.

Modify Subject

D.

Modify Subject

Answers
Suggested answer: D

Explanation:

Modify Subject is an additional option that should be used to help the end users be aware of the elevated risk of interacting with these messages. Modify Subject allows the administrator to add a prefix or suffix to the message subject, such as "[SPF Fail]", to indicate that the message has failed the SPF verification and may be fraudulent or spoofed.

The other options are not valid additional options to help the end users be aware of the elevated risk of interacting with these messages, because they do not affect the message subject or provide any warning to the end users.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 8-7 and page 8-8.

Question 84

Report
Export
Collapse

A company has deployed a new mandate that requires all emails sent externally from the Sales Department to be scanned by DLP for PCI-DSS compliance. A new DLP policy has been created on the Cisco ESA and needs to be assigned to a mail policy named 'Sales' that has yet to be created.

Which mail policy should be created to accomplish this task?

A.

Outgoing Mail Policy

A.

Outgoing Mail Policy

Answers
B.

Preliminary Mail Policy

B.

Preliminary Mail Policy

Answers
C.

Incoming Mail Flow Policy

C.

Incoming Mail Flow Policy

Answers
D.

Outgoing Mail Flow Policy

D.

Outgoing Mail Flow Policy

Answers
Suggested answer: A

Explanation:

Outgoing Mail Policy is a mail policy that should be created to accomplish this task. Outgoing Mail Policy is a set of rules that determine how outgoing messages are processed by Cisco ESA, including whether to apply DLP scanning or not.

To create an Outgoing Mail Policy named 'Sales' and assign a DLP policy to it, the administrator can follow these steps:

Select Mail Policies > Outgoing Mail Policies and click Add Policy.

Enter 'Sales' as the policy name and click Submit.

Select 'Sales' from the list of policies and click Edit Settings.

Under Data Loss Prevention, select Enable Data Loss Prevention Scanning and choose the DLP policy from the drop-down menu.

Click Submit.

The other options are not valid mail policies to accomplish this task, because they do not apply to outgoing messages or DLP scanning.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2 and page 9-4.

Question 85

Report
Export
Collapse

DRAG DROP

An administrator must ensure that emails sent from [email protected] are routed through an alternate virtual gateway. Drag and drop the snippet from the bottom onto the blank in the graphic to finish the message filter syntax. Not all snippets are used.

Question 85
Correct answer: Question 85

Question 86

Report
Export
Collapse

Which component must be added to the content filter to trigger on failed SPF Verification or DKIM Authentication verdicts?

A.

status

A.

status

Answers
B.

response

B.

response

Answers
C.

parameter

C.

parameter

Answers
D.

condition

D.

condition

Answers
Suggested answer: D

Explanation:

Condition is a component that must be added to the content filter to trigger on failed SPF Verification or DKIM Authentication verdicts. Condition is a criterion that determines whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.

To add a condition to the content filter that triggers on failed SPF Verification or DKIM Authentication verdicts, the administrator can follow these steps:

Select Mail Policies > Content Filters and click Add Filter.

Enter a name and description for the content filter.

Under Conditions, click Add Condition.

Choose SPF Verification or DKIM Authentication from the drop-down menu.

Choose Fail from the drop-down menu.

Click Submit.

The other options are not valid components to trigger on failed SPF Verification or DKIM Authentication verdicts, because they are not part of content filters.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.

Question 87

Report
Export
Collapse

An organization wants to use DMARC to improve its brand reputation by leveraging DNS records.

Which two email authentication mechanisms are utilized during this process? (Choose two.)

A.

SPF

A.

SPF

Answers
B.

DSTP

B.

DSTP

Answers
C.

DKIM

C.

DKIM

Answers
D.

TLS

D.

TLS

Answers
E.

PKI

E.

PKI

Answers
Suggested answer: A, C

Explanation:

Reference:

https://www.cisco.com/c/en/us/products/security/what-is-dmarc.html

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are two email authentication mechanisms that are utilized during this process. SPF and DKIM allow the domain owner to publish DNS records that specify the authorized IP addresses or hosts for sending emails from that domain and sign the messages with a cryptographic key to prove their authenticity and integrity.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication standard that builds on SPF and DKIM and allows the domain owner to publish DNS records that specify how receivers should handle messages that fail SPF or DKIM verification, such as reject, quarantine, or none, and how to report back the results of DMARC validation.

The other options are not valid email authentication mechanisms that are utilized during this process, because they are not part of DMARC standard.

Reference: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 11-2 and page 11-3.

Question 88

Report
Export
Collapse

An engineer is tasked with reviewing mail logs to confirm that messages sent from domain abc.com are passing SPF verification and being accepted by the Cisco ESA. The engineer notices that SPF verification is not being performed and that SPF is not being referenced in the logs for messages sent from domain abc.com.

Why is the verification not working properly?

A.

SPF verification is disabled in the Recipient Access Table.

A.

SPF verification is disabled in the Recipient Access Table.

Answers
B.

SPF verification is disabled on the Mail Flow Policy.

B.

SPF verification is disabled on the Mail Flow Policy.

Answers
C.

The SPF conformance level is set to SIDF compatible on the Mail Flow Policy.

C.

The SPF conformance level is set to SIDF compatible on the Mail Flow Policy.

Answers
D.

An SPF verification Content Filter has not been created.

D.

An SPF verification Content Filter has not been created.

Answers
Suggested answer: B

Explanation:

SPF verification is a feature that allows Cisco ESA to verify the authenticity of the sender's domain by checking the sender's IP address against a DNS record published by the domain owner. An SPF record is a TXT record that specifies the authorized IP addresses or hosts for sending emails from a domain, using a syntax of qualifiers, mechanisms, and modifiers.

The reason why the verification is not working properly is that SPF verification is disabled on the mail flow policy that applies to the messages sent from domain abc.com. A mail flow policy is a set of rules that determine how incoming or outgoing messages are processed by Cisco ESA, including whether to enable SPF verification or not.

To enable SPF verification on the mail flow policy, the administrator can follow these steps:

Select Mail Policies > Mail Flow Policies and click Edit Settings for the mail flow policy that applies to the messages sent from domain abc.com.

Under Sender Authentication, select Enable SPF Verification and choose an SPF conformance level from the drop-down menu.

Click Submit.

The other options are not valid reasons why the verification is not working properly, because they do not affect SPF verification on the mail flow policy.

Question 89

Report
Export
Collapse

An administrator needs to configure Cisco ESA to ensure that emails are sent and authorized by the owner of the domain. Which two steps must be performed to accomplish this task? (Choose two.)

A.

Generate keys.

A.

Generate keys.

Answers
B.

Create signing profile.

B.

Create signing profile.

Answers
C.

Create Mx record.

C.

Create Mx record.

Answers
D.

Enable SPF verification.

D.

Enable SPF verification.

Answers
E.

Create DMARC profile.

E.

Create DMARC profile.

Answers
Suggested answer: A, B

Explanation:

Configuring DomainKeys and DKIM Signing:

-Signing Keys

-Public Keys

-Domain Profiles

Creating Domain Profiles:

Step 1

-Choose Mail Policies > Signing Profiles.

Step 2

-In the Domain Signing Profiles section, click Add Profile.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_010110.html?bookSearch=true

Question 90

Report
Export
Collapse

What is the purpose of Cisco Email Encryption on Cisco ESA?

A.

to ensure anonymity between a recipient and MTA

A.

to ensure anonymity between a recipient and MTA

Answers
B.

to ensure integrity between a sender and MTA

B.

to ensure integrity between a sender and MTA

Answers
C.

to authenticate direct communication between a sender and Cisco ESA

C.

to authenticate direct communication between a sender and Cisco ESA

Answers
D.

to ensure privacy between Cisco ESA and MTA

D.

to ensure privacy between Cisco ESA and MTA

Answers
Suggested answer: D

Explanation:

Overview of Encrypting Communication with Other MTAs:

AsyncOS supports the STARTTLS extension to SMTP (Secure SMTP over TLS).

The TLS implementation in AsyncOS provides privacy through encryption.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_011001.html?bookSearch=true

Total 148 questions
Go to page: of 15
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms