300-720 Exam Dumps - Cisco CCNP Security Questions and Answers

The feature that must be configured before an administrator can use the outbreak filter for nonviral threats is antispam. The outbreak filter relies on the antispam engine to detect and block nonviral threats, such as phishing, malware, or spam campaigns. You need to enable antispam scanning and configure the antispam settings before you can use the outbreak filter.

The Outbreak Filters feature uses three tactics to protect your users from outbreaks:

Delay.

Redirect.

Modify.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_ chapter_01110.html

To use DKIM for outbound email, the administrator must export the DNS TXT record from the Cisco Secure Email Gateway and provide it to the DNS registrar of the domain. This will allow the recipient servers to verify the DKIM signature of the email by querying the DNS rec ord of the sender domain.  References : [Cisco Secure Email Gateway Administrator Guide - Configuring DKIM Signing]

 spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP 1 .  This query is configured in the System Admini stration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI 1 . The other queries are not related to this task.  The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login 2 .  The spam quarantin e external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager 3 .  The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP 2 .

A content filter action is an operation that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as headers, envelope, body, attachments, etc.

Quarantine is a valid content filter action that allows Cisco ESA to store the message in a quarantine area for further review or release by an administrator or an end user.

The other options are not valid content filter actions on Cisco ESA.

System: This is the default list of trusted certificate authorities that is provided by Cisco and updated automatically. It contains the certificates of well-known and widely used certificate authorities, such as VeriSign, Thawte, and GoDaddy.

Custom: This is the list of additional certificate authorities that you can add manually or import from a file. It allows you to trust certificates that are issued by your own or third-party certificate authorities that are not included in the system list.

Large file attachments will be sent as a securedoc attachment. This means that the recipient will receive an encrypted message with a securedoc.html attachment that contains a link to download the large file from the Cisco Secure Email Encryption Service portal[ 2 , p. 9].

This feature can only be enabled if the Read from Message feature is enabled. The Read from Message feature allows you to encrypt messages based on keywords or phrases in the subject or body of the me ssage. You need to enable this feature before you can enable the large file attachments feature[ 2 , p. 8].

The other options are not valid because:

A. Large file attachments can be sent using both the websafe portal and the Cisco Secure Email Add-In. The we bsafe portal allows you to compose and send encrypted messages from any web browser, while the Cisco Secure Email Add-In allows you to encrypt messages from your email client such as Outlook[ 2 , p. 6-7].

B. This feature allows users to send up to 100MB of a ttachments in a secure email, not 50MB[ 2 , p. 9].

D. Large file attachments can be sent using both the websafe portal and the Cisco Secure Email Add-In. The websafe portal allows you to compose and send encrypted messages from any web browser, while the Cis co Secure Email Add-In allows you to encrypt messages from your email client such as Outlook[ 2 , p. 6-7].

The maximum attachment size to scan is a configuration on the scan behavior that determines the maximum size of an attachment that Cisco ESA will scan for viruses and malware. If an attachment exceeds this size, Cisco ESA will apply the configured action for unscannable messages, such as deliver, drop, or quarantine.

To allow the attachment to be scanned on the Cisco ESA, this configuration must be updated to a larger value than the attachment size, which is 10 MB according to the message header.

The other options are not valid configurations to allow the attachment to be scanned on the Cisco ESA, because they do not affect the maximum attachment size to scan.