Cisco 300-720 SESA Exam Questions Instant Access

Question 1

What is a valid content filter action?

Adecrypt on delivery

Bquarantine

Cskip antispam

Darchive

Answer : B

A content filter action is an operation that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as headers, envelope, body, attachments, etc.

Quarantine is a valid content filter action that allows Cisco ESA to store the message in a quarantine area for further review or release by an administrator or an end user.

The other options are not valid content filter actions on Cisco ESA.

Question 2

An engineer is testing mail flow on a new Cisco ESA and notices that messages for domain abc.com are stuck in the delivery queue. Upon further investigation, the engineer notices that the messages pending delivery are destined for 192.168.1.11, when they should instead be routed to 192.168.1.10.

What configuration change needed to address this issue?

AAdd an address list for domain abc.com.

BModify Destination Controls entry for the domain abc.com.

CModify the SMTP route for the domain and change the IP address to 192.168.1.10.

DModify the Routing Tables and add a route for IP address to 192.168.1.10.

Answer : C

You can use the SMTP route feature on Cisco ESA to specify how messages for a specific domain are routed to their destination.You can modify the SMTP route for the domain abc.com and change the IP address to 192.168.1.10 to ensure that messages are delivered correctly3. Reference =Securing Email with Cisco Email Security Appliance (SESA) v3.1

Question 3

When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during login to the End-User Quarantine?

AEnabling the End-User Safelist/Blocklist feature

BSpam Quarantine External Authentication Query

CSpam Quarantine End-User Authentication Query

DSpam Quarantine Alias Consolidation Query

Answer : C

Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP server to validate the end-user credentials during login to the End-User Quarantine.

Question 4

When email authentication is configured on Cisco ESA, which two key types should be selected on the signing profile? (Choose two.)

ADKIM

BPublic Keys

CDomain Keys

DSymmetric Keys

EPrivate Keys

Answer : B, E

With DomainKeys or DKIM email authentication, the sender signs the email using public key cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on the appliance. https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010101.html?bookSearch=true

Question 5

Which type of attack is prevented by configuring file reputation filtering and file analysis features?

Adenial of service

Bzero-day

Cbackscatter

Dphishing

Answer : B

The type of attack that is prevented by configuring file reputation filtering and file analysis features is zero-day. Zero-day attacks are those that exploit unknown vulnerabilities in software or systems before they are patched or fixed. File reputation filtering and file analysis features help to protect against zero-day attacks by checking the reputation of files attached to email messages and sending them to a cloud-based service for dynamic analysis.

Question 6

Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.)

Aload balancing

BSLA monitor

Cactive-standby

Dfailover

Eactive-active

Answer : A, D

Load balancing and failover are two configurations that can be used on multiple LDAP servers to connect with Cisco ESA. Load balancing means that Cisco ESA will distribute the LDAP queries among the available LDAP servers in a round-robin fashion, improving the performance and efficiency of the LDAP queries. Failover means that Cisco ESA will switch to another LDAP server if the current one is unavailable or unresponsive, ensuring the continuity and reliability of the LDAP queries.

You can enter multiple host names to configure the LDAP servers for failover or load-balancing. Separate multiple entries with commas.

Question 7

Refer to the exhibit. How should this configuration be modified to stop delivering Zero Day malware attacks?

AChange Unscannable Action from Deliver As Is to Quarantine.

BChange File Analysis Pending action from Deliver As Is to Quarantine.

CConfigure mailbox auto-remediation.

DApply Prepend on Modify Message Subject under Malware Attachments.

Answer : B

Overview of File Reputation Filtering and File Analysis:

Advanced Malware Protection protects against zero-day and targeted file-based threats in email attachments by:

-Obtaining the reputation of known files.

-Analyzing behavior of certain files that are not yet known to the reputation service.

-Continuously evaluating emerging threats as new information becomes available, and notifying you about files that are determined to be threats after they have entered your network.

-This feature is available for incoming messages and outgoing messages.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010000.html?bookSearch=true

Cisco Securing Email with Cisco Email Security Appliance 300-720 SESA Exam Questions