Pass the Cisco CCNP Security 300-720 Questions and answers with ValidTests

To meet the requirement of ensuring that emails received by company users that contain URLs do not make them susceptible to data loss from accessing malicious or undesired external content sources, the administrator must configure two features on Cisco Secure Email Gateway: antispam scanning and URL filtering. Antispam scanning can block or quarantine messages that are identified as spam based on various criteria, such as sender reputation, message content, and message headers. URL filtering can rewrite or defang URLs in messages that are associated with malicious or undesirable websites, such as phishing, malware, adult, or gambling sites. References: [Cisco Secure Email Gateway Administrator Guide - Configuring Antispam Scanning] and [Cisco Secure Email Gateway Administrator Guide - Configuring URL Filtering]

Non-final actions are actions that do not terminate the message filter evaluation, such as adding headers, setting variables, logging, etc. Final actions are actions that end the message filter evaluation and determine the fate of the message, such as accept, drop, bounce, quarantine, etc.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 3-4.

If you store user information within LDAP directories in your network infrastructure you can configure the appliance to query your LDAP servers to accept, route, and authenticate messages. https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_011010.html

The content filter condition that checks to see if the “From: header” in the message is similar to any of the users in the content dictionary is Forged Email Detection. This condition compares the sender’s name or email address with a list of names or email addresses in a content dictionary and triggers an action if they match or are similar. References: [Cisco Secure Email Gateway Administrator Guide - Forged Email Detection]

DLP (Data Loss Prevention) is a security service that is configured only through an outgoing mail policy on Cisco ESA. DLP allows Cisco ESA to scan outgoing messages for sensitive or confidential data, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as encrypt, quarantine, notify, etc., to prevent data leakage or loss.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2.

Reference https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/ b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_01001.html

The maximum message size that can be configured for encryption on the Cisco ESA is 25 MB. This is the default value for the Maximum Message Size for Encryption setting in the Encryption Profile. Messages that exceed this size will not be encrypted and will be delivered as normal.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 12-6.

You can configure Policy, Virus, and Outbreak Quarantines in any one of the following ways:

Choose Quarantine > Other Quarantine > View > +.

Choose Monitor > Policy, Virus, and Outbreak Quarantines and do one of the following.

Click Add Policy Quarantine.

Keep the following in mind, changing the retention time of the File Analysis quarantine from the default of one hour is not recommended.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_011111.html?bookSearch=true

Message filter and content filter are two filters that should be configured to address this issue. Message filter and content filter are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.

To reduce the number of inappropriate emails containing profanity, the network administrator can create a dictionary that contains a list of profane words or phrases and use it as a condition in a message filter or content filter that applies an action of “drop”, “quarantine”, or “modify subject” on the matching messages.

The other options are not valid filters to address this issue, because they do not use dictionaries or conditions based on message content.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 8-3 and page 8-7.

According to the [Cisco Secure Email Encryption Service Add-In User Guide], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[2, p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain conditions, such as having [SECURE] in the subject header[2, p. 12]. This way, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

A. Creating an encryption profile with [SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[2, p. 11].

B. Creating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subject line or not[2, p. 12].

D. Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.

LDAP acceptance validation is a feature that allows the Cisco Secure Email Gateway to check if the recipient address of an incoming message exists in an LDAP directory before accepting it. This feature can help prevent spammers from sending emails with invalid recipient addresses and reduce the load on the appliance2. References = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring LDAP Queries [Cisco Secure Email Gateway] - Cisco