cisco 300-720 practice test
Securing Email with Cisco Email Security Appliance (300-720 SESA)
Question 1
Which SMTP extension does Cisco ESA support for email security?
- A. ETRN
- B. UTF8SMTP
- C. PIPELINING
- D. STARTTLS
Answer:
D
Explanation:
STARTTLS is an SMTP extension that allows email servers to negotiate a secure connection using TLS
or SSL encryption. Cisco ESA supports STARTTLS for both inbound and outbound email delivery.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 5-2.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011000.html
Question 2
Which feature utilizes sensor information obtained from Talos intelligence to filter email servers
connecting into the Cisco ESA?
- A. SenderBase Reputation Filtering
- B. Connection Reputation Filtering
- C. Talos Reputation Filtering
- D. SpamCop Reputation Filtering
Answer:
A
Explanation:
SenderBase Reputation Filtering is a feature that allows Cisco ESA to reject or throttle connections
from email servers based on their reputation score, which is calculated by Talos using sensor
information from various sources.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 6-2.
Question 3
When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during
login to the End-User Quarantine?
- A. Enabling the End-User Safelist/Blocklist feature
- B. Spam Quarantine External Authentication Query
- C. Spam Quarantine End-User Authentication Query
- D. Spam Quarantine Alias Consolidation Query
Answer:
C
Explanation:
Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP
server to validate the end-user credentials during login to the End-User Quarantine.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 10-9.
Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118692-configure-esa-00.html
Question 4
Which benefit does enabling external spam quarantine on Cisco SMA provide?
- A. ability to back up spam quarantine from multiple Cisco ESAs to one central console
- B. access to the spam quarantine interface on which a user can release, duplicate, or delete
- C. ability to scan messages by using two engines to increase a catch rate
- D. ability to consolidate spam quarantine data from multiple Cisco ESA to one central console
Answer:
D
Explanation:
External spam quarantine is a feature that allows Cisco SMA to store and manage spam messages
quarantined by multiple Cisco ESAs in one central location, providing a unified view and
administration of the spam quarantine data.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 10-3.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma11-0/user_guide/b_SMA_Admin_Guide/b_SMA_Admin_Guide_chapter_010101.html
Question 5
When email authentication is configured on Cisco ESA, which two key types should be selected on
the signing profile? (Choose two.)
- A. DKIM
- B. Public Keys
- C. Domain Keys
- D. Symmetric Keys
- E. Private Keys
Answer:
BE
Explanation:
With DomainKeys or DKIM email authentication, the sender signs the email using public key
cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on
the
appliance.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010101.html?bookSearch
=true
Question 6
What are two phases of the Cisco ESA email pipeline? (Choose two.)
- A. reject
- B. workqueue
- C. action
- D. delivery
- E. quarantine
Answer:
BD
Explanation:
With DomainKeys or DKIM email authentication, the sender signs the email using public key
cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on
the
appliance.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010101.html?bookSearch
=true
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-1/user_guide/
b_ESA_Admin_Guide_12_1/b_ESA_Admin_Guide_12_1_chapter_011.pdf (p.1)
Question 7
Which two action types are performed by Cisco ESA message filters? (Choose two.)
- A. non-final actions
- B. filter actions
- C. discard actions
- D. final actions
- E. quarantine actions
Answer:
AD
Explanation:
Non-final actions are actions that do not terminate the message filter evaluation, such as adding
headers, setting variables, logging, etc. Final actions are actions that end the message filter
evaluation and determine the fate of the message, such as accept, drop, bounce, quarantine, etc.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 3-4.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01000.html
Question 8
Which setting affects the aggressiveness of spam detection?
- A. protection level
- B. spam threshold
- C. spam timeout
- D. maximum depth of recursion scan
Answer:
B
Explanation:
Spam threshold is a setting that determines the minimum score that a message must have to be
classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 6-5.
Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118220-technote-esa-00.html
Question 9
What is the order of virus scanning when multilayer antivirus scanning is configured?
- A. The default engine scans for viruses first and the McAfee engine scans for viruses second.
- B. The Sophos engine scans for viruses first and the McAfee engine scans for viruses second.
- C. The McAfee engine scans for viruses first and the default engine scans for viruses second.
- D. The McAfee engine scans for viruses first and the Sophos engine scans for viruses second.
Answer:
D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01011.html
According to the User Guide for AsyncOS 12.0 for Cisco Email Security Appliances2
, the order of virus
scanning when multilayer antivirus scanning is configured is as follows:
The McAfee engine scans the message first. If the McAfee engine detects a virus, the message is
dropped or repaired, depending on the configuration. If the McAfee engine does not detect a virus,
the message is passed to the next layer of scanning.
The Sophos engine scans the message second. If the Sophos engine detects a virus, the message is
dropped or repaired, depending on the configuration. If the Sophos engine does not detect a virus,
the message is delivered to the recipient.
Question 10
Which antispam feature is utilized to give end users control to allow emails that are spam to be
delivered to their inbox, overriding any spam verdict and action on the Cisco ESA?
- A. end user allow list
- B. end user spam quarantine access
- C. end user passthrough list
- D. end user safelist
Answer:
D
Explanation:
End user safelist is a feature that allows end users to specify email addresses or domains that they
want to receive messages from, regardless of the spam verdict or action assigned by Cisco ESA.
Messages from senders on the end user safelist are delivered to the end user’s inbox without any
spam filtering.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 10-13.
Question 11
What are two prerequisites for implementing undesirable URL protection in Cisco ESA? (Choose
two.)
- A. Enable outbreak filters.
- B. Enable email relay.
- C. Enable antispam scanning.
- D. Enable port bouncing.
- E. Enable antivirus scanning.
Answer:
AC
Explanation:
Undesirable URL protection is a feature that allows Cisco ESA to detect and block messages that
contain URLs that lead to malicious or unwanted websites, such as phishing, malware, or adult
content sites. To enable this feature, outbreak filters and antispam scanning must be enabled on
Cisco ESA.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 6-17.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01111.html
Question 12
DRAG DROP
Drag and drop the steps to configure Cisco ESA to use SPF/SIDF verification from the left into the
correct order on the right.
Answer:
Explanation:
Question 13
Which suboption must be selected when LDAP is configured for Spam Quarantine End-User
Authentication?
- A. Designate as the active query
- B. Update Frequency
- C. Server Priority
- D. Entity ID
Answer:
A
Explanation:
According to the User Guide1
, the steps to configure End-User Access to the Spam Quarantine via
LDAP are as follows:
On the ESA, choose System Administration > LDAP > LDAP Server Profile page.
Click Add LDAP Server Profile.
Enter a name for the profile and click Submit.
Click Add Query.
Enter a name for the query and click Submit.
Configure the query settings, such as server address, port number, base DN, scope, filter, and
attributes.
Check the Spam Quarantine End-User Authentication Query check box. This is the suboption that
enables LDAP authentication for end users who access the spam quarantine.
Check the Designate as the active query check box. This is the suboption that specifies which query
to use for end-user authentication. Only one query can be active at a time.
Click Submit and commit changes.
On the ESA, choose Monitor > Spam Quarantine > End-User Quarantine Access.
Check the Enable End-User Quarantine Access check box.
Choose LDAP from the End-User Authentication drop-down list.
Select the LDAP profile and query that you created earlier from the drop-down lists.
Click Submit and commit changes.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma11-5/user_guide/b_SMA_Admin_Guide_11_5/b_SMA_Admin_Guide_11_5_chapter_01010.html
Question 14
Which action must be taken before a custom quarantine that is being used can be deleted?
- A. Delete the quarantine that is assigned to a filter.
- B. Delete the quarantine that is not assigned to a filter.
- C. Delete only the unused quarantine.
- D. Remove the quarantine from the message action of a filter.
Answer:
D
Explanation:
Before a custom quarantine that is being used can be deleted, it must be removed from the message
action of any filter that is using it on Cisco ESA. Otherwise, an error message will appear stating that
the quarantine cannot be deleted because it is in use.
Reference:
User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway
, page 10-5.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011111.html
Question 15
DRAG DROP
An Encryption Profile has been set up on the Cisco ESA.
Drag and drop the steps from the left for creating an outgoing content filter to encrypt emails that
contains the subject "Secure:" into the correct order on the right.
Answer:
Explanation:
Reference:
https://community.cisco.com/t5/email-security/keyword-in-subject-line-to-encrypt-message/td-
p/2441383