What is a benefit of implementing URL filtering on the Cisco ESA? removes threats from malicious URLs blacklists spam provides URL reputation protection enhances reputation against malicious URLs.
Which suboption must be selected when LDAP is configured for Spam Quarantine End-User Authentication? Designate as the active query Update Frequency Server Priority Entity ID.
Which method enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way? Setup the interface group with the flag. Issue the altsrchost command. Map the envelope sender address to the host. Apply a filter on the message.
When URL logging is configured on a Cisco ESA, which feature must be enabled first? antivirus antispam virus outbreak filter senderbase reputation filter.
What must be configured to allow the Cisco ESA to encrypt an email using the Cisco Registered Envelope Service? provisioned email encryption profile message encryption from a content filter that select "Message Encryption” over TLS message encryption from the mail flow policies with "CRES" selected content filter to forward the email to the Cisco Registered Envelope server.
Which benefit does enabling external spam quarantine on Cisco SMA provide? ability to back up spam quarantine from multiple Cisco ESAs to one central console access to the spam quarantine interface on which a user can release, duplicate, or delete ability to scan messages by using two engines to increase a catch rate ability to consolidate spam quarantine data from multiple Cisco ESA to one central console.
s a.
Which Cisco ESA security service is configured only through an outgoing mail policy? antivirus DLP Outbreak Filters AMP.
Which action must be taken before a custom quarantine that is being used can be deleted? Delete the quarantine that is assigned to a filter. Delete the quarantine that is not assigned to a filter. Delete only the unused quarantine. Remove the quarantine from the message action of a filter.
Which two components form the graymail management solution in Cisco ESA? (Choose two.) cloud-based unsubscribe service uniform unsubscription management interface for end users secure subscribe option for end users integrated graymail scanning engine improved mail efficacy.
What is a valid content filter action? decrypt on delivery quarantine skip antispam archive.
Which two steps configure Forged Email Detection? (Choose two.) Configure a content dictionary with executive email addresses. Configure a filter to use the Forged Email Detection rule and dictionary. Configure a filter to check the Header From value against the Forged Email Detection dictionary. Enable Forged Email Detection on the Security Services page. Configure a content dictionary with friendly names.
Which process is skipped when an email is received from safedomain.com, which is on the safelist? Message filter antivirus scanning outbreak filter antispam scanning.
no points for this, click on the image.
no points for this, click on the image.
Which two features are applied to either incoming or outgoing mail policies? (Choose two.) Indication of Compromise application filtering outbreak filters sender reputation filtering antivirus.
What is the order of virus scanning when multilayer antivirus scanning is configured? The default engine scans for viruses first and the McAfee engine scans for viruses second. The Sophos engine scans for viruses first and the McAfee engine scans for viruses second. The McAfee engine scans for viruses first and the default engine scans for viruses second. The McAfee engine scans for viruses first and the Sophos engine scans for viruses second.
What are two phases of the Cisco ESA email pipeline? (Choose two.) reject workqueue action delivery quarantine.
What are two prerequisites for implementing undesirable URL protection in Cisco ESA? (Choose two.) enable outbreak filters. Enable email relay. Enable antispam scanning. Enable port bouncing. Enable antivirus scanning.
Which attack is mitigated by using Bounce Verification? spoof denial of service eavesdropping smurf.
Which two steps are needed to disable local spam quarantine before external quarantine is enabled? (Choose two.) Uncheck the Enable Spam Quarantine check box. Select Monitor and click Spam Quarantine. Check the External SafelistBlocklist check box. Select External Spam Quarantine and click on Configure. Select Security Services and click Spam Quarantine.
Which SMTP extension does Cisco ESA support for email security? ETRN UTF8SMTP PIPELINING STARTTLS.
Which two query types are available when an LDAP profile is configured? (Choose two.) proxy consolidation user recursive group routing.
Which two certificate authority lists are available in Cisco ESA? (Choose two.) default system user custom demo.
Which action is a valid fallback when a client certificate is unavailable during SMTP authentication on Cisco ESA? LDAP Query SMTP AUTH SMTPTLS LDAP BIND.
What is the default HTTPS port when configuring spam quarantine on Cisco ESA? 83 82 443 80.
Which type of attack is prevented by configuring file reputation filtering and file analysis features? denial of service zero-day backscatter phishing.
When DKIM signing is configured, which DNS record must be updated to load the DKIM public signing key? AAAArecord PTR record TXT record MX record.
When outbreak filters are configured, which two actions are used to protect users from outbreaks? (Choose two.) redirect return drop delay abandon.
Which setting affects the aggressiveness of spam detection? protection level spam threshold spam timeout maximum depth of recursion scan.
How does the graymail safe unsubscribe feature function? It strips the malicious content of the URI before unsubscribing. It checks the URI reputation and category and allows the content filter to take an action on it. It redirects the end user who clicks the unsubscribe button to a sandbox environment to allow a safe unsubscribe. It checks the reputation of the URI and performs the unsubscribe process on behalf of the end user.
Which two components must be configured to perform DLP scanning? (Choose two.) Add a DLP policy on the Incoming Mail Policy. Add a DLP policy to the DLP Policy Manager. Enable a DLP policy on the Outgoing Mail Policy. Enable a DLP policy on the DLP Policy Customizations. Adda DLP policy to the Outgoing Content Filter.
Email encryption is configured on a Cisco ESA that uses CRES.
Which action is taken on a message when CRES is unavailable? it is requeued. It is sent in clear text. it is dropped and an error message is sent to the sender. it is encrypted by a Cisco encryption appliance.
Which two statements about configuring message filters within the Cisco ESA are true? (Choose two.) The filters command executed from the CLI is used to configure the message filters. Message filters configuration within the web user interface is located within Incoming Content Filters. The filterconfig command executed from the CLI is used to configure message filters. Message filters can be configured only from the CLI. Message filters can be configured only from the web user interface.
Which two action types are performed by Cisco ESA message filters? (Choose two.) non-final actions filter actions discard actions final actions quarantine actions.
When email authentication is configured on Cisco ESA, which two key types should be selected on the signing profile? (Choose two.) DKIM Public Keys Domain Keys Symmetric Keys Private Keys.
What is the maximum message size that can be configured for encryption on the Cisco ESA? 20 MB 25MB 15MB 30MB.
Which two actions are configured on the Cisco ESA to query LDAP servers? (Choose two.) accept relay delay route reject.
no points for this, click on the image.
Which antispam feature is utilized to give end users control to allow emails that are spam to be delivered to their inbox, overriding any spam verdict and action on the Cisco ESA? end user allow list end user spam quarantine access end user passthrough list end user safelist.
When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during login to the End-User Quarantine? Enabling the End-User Safelist/Blocklist feature Spam Quarantine External Authentication Query Spam Quarantine End-User Authentication Query Spam Quarantine Alias Consolidation Query.
Which feature must be configured before an administrator can use the outbreak filter for nonviral threats? quarantine threat level antispam data loss prevention antivirus.
Which two features of Cisco Email Security are added to a Sender Group to protect an organization against email threats? (Choose two.) NetFlow geolocation-based filtering heuristic-based filtering senderbase reputation filtering content disarm and reconstruction.
Which two factors must be considered when message filter processing is configured? (Choose two.) message-filter order lateral processing Structure of the combined packet mail policies MIME structure of the message.
Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.) load balancing SLA monitor active-standby failover active-active.
An analyst creates a new content dictionary to use with Forged Email Detection.
Which entry will be added into the dictionary? mycompany.com Alpha Beta 4Alpha\ Beta$ Alpha.Beta@mycompany.com.
What occurs when configuring separate incoming mail policies? message splintering message exceptions message detachment message aggregation.
no points for this, click on the image.
An administrator is trying to enable centralized PVO but receives the error, "Unable to proceed with Centralized Policy, Virus and Outbreak Quarantines configuration as esa‘
in Cluster has content filters / DLP actions available at a level different from the cluster level."
What is the cause of this error? Content filters are configured at the machine-level on esa1 DLP Is not configured on host1. DLP is configured at the cluster-level on esa2. DLP is configured at the domain-level on esa1.
Which two are configured in the DMARC verification profile? (Choose two.) name of the verification profile minimum number of signatures to verify ESA listeners to use the verification profile message action into an incoming or outgoing content filter message action to take when the policy is reject/quarantine.
What is the default behavior of any listener for TLS communication? preferred-verify off preferred required.
Which feature utilizes sensor information obtained from Talos intelligence to filter email servers connecting into the Cisco ESA? SenderBase Reputation Filtering Connection Reputation Filtering Talos Reputation Filtering SpamCop Reputation Filtering.
What is the default port to deliver emails from the Cisco ESA to the Cisco SMA using the centralized Spam Quarantine? 8025 6443 6025 8443.
Which type of query must be configured when setting up the Spam Quarantine while merging notifications? Spam Quarantine Alias Routing Query Spam Quarantine Alias Consolidation Query Spam Quarantine Alias Authentication Query Spam Quarantine Alias Masquerading Query.
no points for this, click on the image.
What are two primary components of content filters? (Choose two.) conditions subject content actions policies.
no points for this, click on the image.
Which global setting is configured under Cisco ESA Scan Behavior? minimum attachment size to scan attachment scanning timeout actions for unscannable messages due to attachment type minimum depth of attachment recursion to scan.
Which action on the Cisco ESA provides direct access to view the safelist/blocklist? show the SLBL cache on the CLI Monitor incoming/Outgoing Listener Export tne SLBL toa csv file. Debug the mail flow policy.
When the Cisco ESA is configured to perform antivirus scanning, what is the default timeout value? 30 seconds 90 seconds 60 seconds 420 seconds.
Which scenario prevents a message from being sent to the quarantine as an action in the scan behavior on Cisco ESA? A policy quarantine is missing. More than one email pipeline is defined. the "modify the message subject” is already s The “add custom header" action is performed first.
.
|
