2023 Realistic 300-720 100% Pass Guaranteed Download Exam Q&A [Q46-Q71]

Share

2023 Realistic 300-720 100% Pass Guaranteed Download  Exam Q&A

Accurate 300-720 Answers 365 Days Free Updates

NEW QUESTION # 46
Which three options are Cisco ESA facilities that can use LDAP group queries? (Choose three.)

  • A. Message filters
  • B. Content filters
  • C. RAT
  • D. Incoming mail policies
  • E. SenderBase reputation filtering
  • F. Anti-spam settings
  • G. Destination controls
  • H. Sender groups

Answer: A,B,D


NEW QUESTION # 47
Drag and drop the steps to configure Cisco ESA to use SPF/SIDF verification from the left into the correct order on the right.

Answer:

Explanation:


NEW QUESTION # 48
What is the default HTTPS port when configuring spam quarantine on Cisco ESA?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A


NEW QUESTION # 49
Refer to the exhibit. Which configuration on the scan behavior must be updated to allow the attachment to be scanned on the Cisco ESA?

  • A. Increase the maximum attachment size to scan to a larger value.
  • B. Add an additional mapping for attachment type for zip files.
  • C. Increase the maximum recursion depth from 5 to a larger value.
  • D. Enable assume match pattern if the email was not scanned for any reason.

Answer: B


NEW QUESTION # 50
Drag and Drop Question
Drag and drop the Cisco ESA reactions to a possible DLP from the left onto the correct action types on the right.

Answer:

Explanation:


NEW QUESTION # 51
Which suboption must be selected when LDAP is configured for Spam Quarantine End-User Authentication?

  • A. Entity ID
  • B. Server Priority
  • C. Update Frequency
  • D. Designate as the active query

Answer: D


NEW QUESTION # 52
A content dictionary was created for use with Forged Email Detection. Proper data that pertains to the CEO Example CEO: <ceo@example com> must be entered. What must be added to the dictionary to accomplish this goal?

  • A. ceo@example com
  • B. example.com
  • C. Example CEO
  • D. ceo

Answer: A

Explanation:
[email protected] is the data that must be added to the dictionary to accomplish this goal. A content dictionary is a list of values that can be used as a condition in a content filter or a message filter. Forged Email Detection is a feature that allows Cisco ESA to detect and prevent email spoofing attacks, where the sender's address or domain is forged to appear as someone else, such as the CEO of the organization.
To create a content dictionary for use with Forged Email Detection on Cisco ESA, the administrator can follow these steps:
Select Mail Policies > Content Dictionaries and click Add Dictionary.
Enter a name and description for the content dictionary, such as CEO Email.
Under Dictionary Values, click Add Value.
Enter the email address of the CEO, such as [email protected].
Click Submit.


NEW QUESTION # 53
Refer to the exhibit.


Which configuration allows the Cisco Secure Email Gateway to scan for executables inside the archive file and apply the action as per the content filter?

  • A. Modify the content filter to look for exe filename instead of executable filetype.
  • B. Modify the content filter to look for attachment filetype of compressed.
  • C. Configure the maximum attachment size to a higher value.
  • D. Configure the recursion depth to a higher value.

Answer: D

Explanation:
The recursion depth is the number of levels that the Cisco Secure Email Gateway will scan inside an archive file for executables and other file types. If the recursion depth is too low, some executables may not be detected and scanned by the content filter. To allow the appliance to scan for executables inside the archive file and apply the action as per the content filter, you need to configure the recursion depth to a higher value1. Reference = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring File Reputation Filtering and File Analysis [Cisco Secure Email Gateway] - Cisco


NEW QUESTION # 54
Drag and Drop Question
An administrator must ensure that emails sent from [email protected] are routed through an alternate virtual gateway. Drag and drop the snippet from the bottom onto the blank in the graphic to finish the message filter syntax. Not all snippets are used.

Answer:

Explanation:


NEW QUESTION # 55
Which benefit does enabling external spam quarantine on Cisco SMA provide?

  • A. ability to scan messages by using two engines to increase a catch rate
  • B. ability to back up spam quarantine from multiple Cisco ESAs to one central console
  • C. ability to consolidate spam quarantine data from multiple Cisco ESA to one central console
  • D. access to the spam quarantine interface on which a user can release, duplicate, or delete

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma11-0/user_guide/ b_SMA_Admin_Guide/b_SMA_Admin_Guide_chapter_010101.html


NEW QUESTION # 56
Which two actions are configured on the Cisco ESA to query LDAP servers? (Choose two.)

  • A. reject
  • B. delay
  • C. route
  • D. accept
  • E. relay

Answer: C,D

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/ b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_011010.html


NEW QUESTION # 57
An engineer is configuring a Cisco ESA for the first time and needs to ensure that any email traffic coming from the internal SMTP servers is relayed out through the Cisco ESA and is tied to the Outgoing Mail Policies.
Which Mail Flow Policy setting should be modified to accomplish this goal?

  • A. Reverse Connection Verification
  • B. Exception List
  • C. Bounce Detection Signing
  • D. Connection Behavior

Answer: D

Explanation:
Reference:
Connection Behavior setting allows you to specify how the Cisco Email Security Appliance (ESA) handles incoming connections from different sender groups. You can choose from four different settings:
Accept: The ESA accepts all connections from the sender group and applies the mail flow policy settings to the messages.
Throttle: The ESA limits the number of concurrent connections and messages per connection from the sender group. This can help reduce the impact of spam or malicious traffic on the ESA's performance.
Reject: The ESA rejects all connections from the sender group and returns a 5xx SMTP error code to the sender. This can help block unwanted or abusive senders from reaching your network.
Test: The ESA accepts connections from the sender group but does not deliver the messages to the recipients. Instead, it logs the messages and marks them as test messages. This can help you test the mail flow policy settings before applying them to real traffic.
To modify the Connection Behavior setting for a sender group, you need to do the following steps:
On the ESA, choose Mail Policies > HAT Overview.
Click Edit Settings for the sender group that you want to modify.
In the Mail Flow Policy Settings section, choose one of the options from the Connection Behavior drop-down list.
Click Submit and commit changes.


NEW QUESTION # 58
Which components are required when encrypting SMTP with TLS on a Cisco Secure Email Gateway appliance when the sender requires TLS verification?

  • A. DER certificate and matching public key from a CA
  • B. X. 509 certificate and matching private key from a CA
  • C. self-signed certificate in PKCS#7 format
  • D. self-signed certificate in PKCS#12 format

Answer: B

Explanation:
To encrypt SMTP with TLS on a Cisco Secure Email Gateway appliance when the sender requires TLS verification, the components that are required are an X.509 certificate and matching private key from a CA. The certificate must be signed by a trusted CA and contain the domain name or IP address of the listener in the Subject or Subject Alternative Name fields. The private key must be unencrypted and match the certificate. Reference: [Cisco Secure Email Gateway Administrator Guide - Configuring TLS]


NEW QUESTION # 59
Spammers routinely try to send emails with the recipient field filled with a list of all possible combinations of letters and numbers. These combinations, appended with a company domain name are malicious attempts at learning all possible valid email addresses. Which action must be taken on a Cisco Secure Email Gateway to prevent this from occurring?

  • A. Select the SMTP Authentication Query checkbox
  • B. Quarantine external authentication queries.
  • C. Perform LDAP acceptance validation.
  • D. Enable end user safelist features

Answer: C

Explanation:
LDAP acceptance validation is a feature that allows the Cisco Secure Email Gateway to check if the recipient address of an incoming message exists in an LDAP directory before accepting it. This feature can help prevent spammers from sending emails with invalid recipient addresses and reduce the load on the appliance2. Reference = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring LDAP Queries [Cisco Secure Email Gateway] - Cisco


NEW QUESTION # 60
An administrator is trying to enable centralized PVO but receives the error, "Unable to proceed with Centralized Policy, Virus and Outbreak Quarantines configuration as esa1 in Cluster has content filters / DLP actions available at a level different from the cluster level." What is the cause of this error?

  • A. DLP is configured at the domain-level on esa1.
  • B. Content filters are configured at the machine-level on esa1.
  • C. DLP is configured at the cluster-level on esa2.
  • D. DLP is not configured on host1.

Answer: B

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200083-Requirements-for-the-PVO-Migration-Wizar.html


NEW QUESTION # 61
Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.)

  • A. failover
  • B. load balancing
  • C. SLA monitor
  • D. active-standby
  • E. active-active

Answer: A,B

Explanation:
You can enter multiple host names to configure the LDAP servers for failover or load-balancing. Separate multiple entries with commas.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/sma_user_guide/ b_SMA_Admin_Guide_ces_11/b_SMA_Admin_Guide_chapter_01010.html


NEW QUESTION # 62
A Cisco ESA administrator was notified that a user was not receiving emails from a specific domain. After reviewing the mail logs, the sender had a negative sender-based reputation score.
What should the administrator do to allow inbound email from that specific domain?

  • A. Add the domain into the allow list.
  • B. Ask the user to add the sender to the email application's allow list.
  • C. Modify the firewall to allow emails from the domain.
  • D. Create a new inbound mail policy with a message filter that overrides Talos.

Answer: A


NEW QUESTION # 63
An administrator notices that incoming emails with certain attachments do not get delivered to all recipients when the emails have multiple recipients in different domains like cisco.com and test.com. The same emails when sent only to recipients in cisco.com are delivered properly. How must the Cisco Secure Email Gateway be configured to avoid this behavior?

  • A. Modify mail policies so email recipients do not match multiple policies.
  • B. Modify DLP configuration to exempt DLP scanning for messages sent to test.com domain
  • C. Modify DLP configuration to ensure that all attachments are permitted for test.com.
  • D. Modify mail policies for cisco.com to ensure that emails are not dropped.

Answer: A

Explanation:
By modifying the mail policies, specifically the recipient matching criteria, you can ensure that email recipients do not match multiple policies simultaneously. When recipients in the email message belong to different domains (e.g., cisco.com and test.com), it can result in multiple policies being triggered simultaneously, leading to inconsistent delivery of emails with attachments.
DLP is for outgoing mail only and not relevant to incoming mail.


NEW QUESTION # 64
Which global setting is configured under Cisco ESA Scan Behavior?

  • A. minimum depth of attachment recursion to scan
  • B. minimum attachment size to scan
  • C. attachment scanning timeout
  • D. actions for unscannable messages due to attachment type

Answer: C

Explanation:
Reference:
https://community.cisco.com/t5/email-security/cisco-ironport-esa-security-services-scan-behavior- impact-on-av/td-p/3923243


NEW QUESTION # 65
When the spam quarantine is configured on the Cisco Secure Email Gateway, which type of query is used to validate non administrative user access to the end-user quarantine via LDAP?

  • A. spam quarantine end-user authentication
  • B. spam quarantine alias consolidation
  • C. local mailbox (IMAP/POP) authentication
  • D. spam quarantine external authorization

Answer: A

Explanation:
spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP1. This query is configured in the System Administration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI1. The other queries are not related to this task. The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login2. The spam quarantine external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager3. The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP2.


NEW QUESTION # 66
Which feature utilizes sensor information obtained from Talos intelligence to filter email servers connecting into the Cisco ESA?

  • A. Connection Reputation Filtering
  • B. SpamCop Reputation Filtering
  • C. Talos Reputation Filtering
  • D. SenderBase Reputation Filtering

Answer: D


NEW QUESTION # 67
Which two query types are available when an LDAP profile is configured? (Choose two.)

  • A. user
  • B. proxy consolidation
  • C. routing
  • D. group
  • E. recursive

Answer: C,D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/ b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011010.html


NEW QUESTION # 68
When outbreak filters are configured, which two actions are used to protect users from outbreaks? (Choose two.)

  • A. delay
  • B. return
  • C. drop
  • D. redirect
  • E. abandon

Answer: A,D

Explanation:
The Outbreak Filters feature uses three tactics to protect your users from outbreaks:
Delay.
Redirect.
Modify.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01110.html


NEW QUESTION # 69
An analyst creates a new content dictionary to use with Forged Email Detection.
Which entry will be added into the dictionary?

Answer: D

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/security/email-security-appliance/ whitepaper_C11-737596.html


NEW QUESTION # 70
Which process is skipped when an email is received from safedomain.com, which is on the safelist?

  • A. antispam scanning
  • B. antivirus scanning
  • C. message filter
  • D. outbreak filter

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/214269-filter-to- handle-messages-that-skipped-d.html


NEW QUESTION # 71
......


To pass the Cisco 300-720 exam, candidates must have a strong understanding of email security concepts such as email authentication, encryption, and filtering. They must also be familiar with various email protocols such as SMTP, POP3, and IMAP.

 

300-720 dumps Exam Material with 149 Questions: https://pass4itsure.passleadervce.com/CCNP-Security/reliable-300-720-exam-learning-guide.html