Free 300-720 Sample Questions — Securing Email with Cisco Email Security Appliance (300-720 SESA)

What must be considered when viewing spam messages addressed to an email alias on Cisco ESA?

• A. It is only possible via a link in a notification
• B. It is only possible via a web browser directly
• C. The access is granted via any method
• D. It is impossible via mailbox authentication

A remote financial institution is implementing email encryption. It is required that all inbound emails use SMTP over TLS. What must be done to accomplish this?

• A. Disable TLS certificates
• B. Utilize Cisco Registered Envelope Service
• C. Leverage Cisco Talos Threat Intelligence Group
• D. Enable Application Inspection and Control for SMTP

Which type of attack is prevented by configuring file reputation filtering and file analysis features?

• A. denial of service
• B. zero-day
• C. backscatter
• D. phishing

Which restriction is in place for end users accessing the spam quarantine on Cisco ESA devices?

• A. The end user must be assigned to the Guest role
• B. Access via a link in a notification in mandatory
• C. Authentication is required when accessing via a link in a notification
• D. Direct access via web browser requires authentication

A network engineer must tighten up the SPAM control policy of an organization due to a recent SPAM attack. In which scenario does enabling regional scanning improve security for this organization?

• A. when most of the received email originates outside of the U.S.
• B. when most of the received email originates from a specific region
• C. when most of the received spam originates outside of the U.S.
• D. when most of the received spam comes from a specific country

An engineer is tasked with reviewing mail logs to confirm that messages sent from domain abc.com are passing SPF verification and being accepted by the Cisco ESA. The engineer notices that SPF verification is not being performed and that SPF is not being referenced in the logs for messages sent from domain abc.com. Why is the verification not working properly?

• A. SPF verification is disabled in the Recipient Access Table
• B. SPF verification is disabled on the Mail Flow Policy
• C. The SPF conformance level is set to SIDF compatible on the Mail Flow Policy
• D. An SPF verification Content Filter has not been created

An email containing a URL passes through the Cisco ESA that has content filtering disabled for all mail policies. The sender is [email protected], the recipients are [email protected], [email protected], [email protected], and [email protected]. The subject of the email is Test Document395898847. An administrator wants to add a policy to ensure that the Cisco ESA evaluates the web reputation score before permitting this email. Which two criteria must be used by the administrator to achieve this? (Choose two.)

• A. Subject contains “TestDocument”
• B. Sender matches test1.com
• C. Email body contains a URL
• D. Date and time of email
• E. Email does not match [email protected]

An engineer deploys a Cisco Secure Email Gateway appliance with default settings in an organization that permits only standard HTTP/HTTPS ports outbound and notices that the AMP file reputation feature does not work. Which additional action resolves the issue?

• A. Configure the outbound firewall rule to permit traffic on port 3237
• B. Enable the Use SSL option under Advanced Settings for File Reputation
• C. Enable the Use HTTP option under Advanced Settings for File Reputation
• D. Configure the outbound firewall rule to permit traffic on port 8081

Which two steps configure Forged Email Detection? (Choose two.)

• A. Configure a content dictionary with executive email addresses
• B. Configure a filter to use the Forged Email Detection rule and dictionary
• C. Configure a filter to check the Header From value against the Forged Email Detection dictionary
• D. Enable Forged Email Detection on the Security Services page
• E. Configure a content dictionary with friendly names

What are two prerequisites for implementing undesirable URL protection in Cisco ESA? (Choose two.)

• A. Enable outbreak filters
• B. Enable email relay
• C. Enable antispam scanning
• D. Enable port bouncing
• E. Enable antivirus scanning

A network engineer is editing the default DMARC verification profile on a Cisco ESA and must ensure that the configured Message Action in the profile matches the policy in the DMARC record. What must be set to achieve this result?

• A. “Message Action when the Policy in DMARC Record is Reject” to Reject
• B. “Message Action when the Policy in DMARC Record is None” to Quarantine
• C. “Message Action when the Policy in DMARC Record is None” to No Action
• D. “Message Action when the Policy in DMARC Record is Reject” to Quarantine

A content dictionary was created for use with Forged Email Detection. Proper data that pertains to the CEO “Example CEO” must be entered. What must be added to the dictionary to accomplish this goal?

• A. ceo
• B. Example CEO
• C. [email protected]
• D. example.com

An administrator needs to configure a Cisco ESA to block specific domains based on their reputation. Which service within the Cisco ESA should be utilized to accomplish this task?

• A. Receiving SMTP Policy
• B. Data Loss Prevention
• C. Anti-Virus
• D. Sender Group

Which two action types are performed by Cisco ESA message filters? (Choose two.)

• A. non-final actions
• B. filter actions
• C. discard actions
• D. final actions
• E. quarantine actions

Which two statements about configuring message filters within the Cisco ESA are true? (Choose two.)

• A. The filters command executed from the CLI is used to configure the message filters
• B. Message filters configuration within the web user interface is located within Incoming Content Filters
• C. The filterconfig command executed from the CLI is used to configure message filters
• D. Message filters can be configured only from the CLI
• E. Message filters can be configured only from the web user interface

An administrator is managing multiple Cisco ESA devices and wants to view the quarantine emails from all devices in a central location. How is this accomplished?

• A. Disable the VOF feature before sending SPAM to the external quarantine
• B. Configure a mail policy to determine whether the message is sent to the local or external quarantine
• C. Disable the local quarantine before sending SPAM to the external quarantine
• D. Configure a user policy to determine whether the message is sent to the local or external quarantine

What are two phases of the Cisco ESA email pipeline? (Choose two.)

• A. reject
• B. workqueue
• C. action
• D. delivery
• E. quarantine

A Cisco ESA administrator was notified that a user was not receiving emails from a specific domain. After reviewing the mail logs, the sender had a negative sender-based reputation score. What should the administrator do to allow inbound email from that specific domain?

• A. Create a new inbound mail policy with a message filter that overrides Talos
• B. Ask the user to add the sender to the email application’s allow list
• C. Modify the firewall to allow emails from the domain
• D. Add the domain into the allow list

Which two components form the graymail management solution in Cisco ESA? (Choose two.)

• A. cloud-based unsubscribe service
• B. uniform unsubscription management interface for end users
• C. secure subscribe option for end users
• D. integrated graymail scanning engine
• E. improved mail efficacy

An organization has multiple Cisco ESA devices deployed, resulting in several spam quarantines to manage. To manage the quarantined messages, the administrator enabled the centralized spam quarantine on the Cisco SMA and configured the external spam quarantine on the Cisco ESA devices. However, messages are still being directed to the local quarantine on the Cisco ESA devices. What change is necessary to complete the configuration?

• A. Modify the incoming mail policies on the Cisco ESA devices to redirect to the external quarantine
• B. Disable the external spam quarantine on the Cisco ESA devices
• C. Disable the local spam quarantine on the Cisco ESA devices
• D. Modify the external spam quarantine settings on the Cisco ESA devices and change the port to 25