Pass the Cisco CCNP Security 300-720 Questions and answers with ValidTests

To disable local spam quarantine before external quarantine is enabled on Cisco ESA, two steps are needed:

Select Security Services and click Spam Quarantine, which will open the Spam Quarantine settings page.

Uncheck the Enable Spam Quarantine check box, which will disable the local spam quarantine feature on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-2.

Outgoing Mail Policy is a mail policy that should be created to accomplish this task. Outgoing Mail Policy is a set of rules that determine how outgoing messages are processed by Cisco ESA, including whether to apply DLP scanning or not.

To create an Outgoing Mail Policy named ‘Sales’ and assign a DLP policy to it, the administrator can follow these steps:

Select Mail Policies > Outgoing Mail Policies and click Add Policy.

Enter ‘Sales’ as the policy name and click Submit.

Select ‘Sales’ from the list of policies and click Edit Settings.

Under Data Loss Prevention, select Enable Data Loss Prevention Scanning and choose the DLP policy from the drop-down menu.

Click Submit.

The other options are not valid mail policies to accomplish this task, because they do not apply to outgoing messages or DLP scanning.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2 and page 9-4.

The PVO cannot be enabled and shows this type of error message.

Unable to proceed with Centralized Policy, Virus and Outbreak Quarantines

configuration as host1 and host2 in Cluster have content filters / DLP actions

available at a level different from the cluster Level.

The error message can indicate that one of the hosts does not have a DLP feature key applied and DLP is disabled. The solution is to add the missing feature key and apply DLP settings identical as on the host that has the feature key applied. This feature key inconsistency might have the same effect with Outbreak Filters, Sophos Antivirus, and other feature keys.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118026-technote-esa-00.html

Overview of Encrypting Communication with Other MTAs:

AsyncOS supports the STARTTLS extension to SMTP (Secure SMTP over TLS).

The TLS implementation in AsyncOS provides privacy through encryption.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_011001.html?bookSearch=true

With DomainKeys or DKIM email authentication, the sender signs the email using public key cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on the appliance. https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_010101.html?bookSearch=true

STARTTLS is an SMTP extension that allows email servers to negotiate a secure connection using TLS or SSL encryption. Cisco ESA supports STARTTLS for both inbound and outbound email delivery.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 5-2.

The altsrchost command enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way. This command allows you to specify an alternate source host for messages that match a message filter. You can use this command to route messages to different virtual gateways based on the message content or attributes.

References: Securing Email with Cisco Email Security Appliance (SESA) v3.1, Module 5: Using Message Filters to Enforce Email Policies, Lesson 1: Using Message Filters

The allow list is a feature that allows Cisco ESA to accept messages from specific email addresses or domains, regardless of their sender-based reputation score or other reputation filters.

To allow inbound email from that specific domain, the administrator should add the domain into the allow list on Cisco ESA, which can be done from the web user interface by selecting Security Services > Safelist/Blocklist and clicking Add Entry.

The other options are not valid solutions to allow inbound email from that specific domain, because they do not affect the sender-based reputation score or the reputation filters on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-13 and page 6-14.