300-720 Exam Dumps - Cisco CCNP Security Questions and Answers

Content filters are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.

The two primary components of content filters are:

• Conditions, which are the criteria that determine whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.
• Actions, which are the operations that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as deliver, drop, quarantine, encrypt, etc.

The other options are not primary components of content filters on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 8-3 and page 8-4.

Forged Email Detection is a feature that allows Cisco ESA to detect and block messages that spoof the display names of internal senders in the From header, such as executives or managers, to trick recipients into opening malicious or fraudulent emails. To configure this feature, two steps are required:

• Configure a content dictionary with friendly names of internal senders that should not appear in the From header of external messages, such as Alpha Beta or John Smith.
• Configure a filter to use the Forged Email Detection rule and dictionary, which will compare the display name in the From header of incoming messages with the entries in the content dictionary, and apply the configured action if a match is found.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-8.

Undesirable URL protection is a feature that allows Cisco ESA to detect and block messages that contain URLs that lead to malicious or unwanted websites, such as phishing, malware, or adult content sites. To enable this feature, outbreak filters and antispam scanning must be enabled on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-17.

Geolocation-based filtering and senderbase reputation filtering are two features of Cisco Email Security that can be added to a Sender Group to protect an organization against email threats. Geolocation-based filtering allows Cisco ESA to accept or reject connections from email servers based on their geographic location, such as country or continent. Senderbase reputation filtering allows Cisco ESA to reject or throttle connections from email servers based on their reputation score, which is calculated by Talos using sensor information from various sources.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 5-4 and page 6-2.

The graymail management solution in the appliance comprises of two components: an integrated graymail scanning engine and a cloud-based Unsubscribe Service. The integrated graymail scanning engine identifies graymail messages using various criteria and assigns them to different categories. The cloud-based Unsubscribe Service provides an easy mechanism for end users to unsubscribe from unwanted messages by checking the reputation of the unsubscribe links and performing the unsubscribe process on behalf of the end user.

References: User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment), Chapter: Managing Graymail, Section: Graymail Management Solution in Email Security Appliance

Direct access via web browser requires authentication is the restriction that is in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances. Spam quarantine is a feature that allows Cisco ESA to store messages that are suspected to be spam and allow end users or administrators to review them and release or delete them as needed.

End users can access their personal spam quarantine on Cisco ESA either by clicking on a link in a notification email or by entering their email address and password in a web browser. In both cases, authentication is required to ensure security and privacy.

The other options are not valid restrictions that are in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances, because they are either not mandatory or not related to authentication.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 10-2 and page 10-3.

Cisco Talos is a cloud service that provides a reputation verdict for email messages based on the sender domain and other attributes such as IP address, sender behavior, message content, and attachment analysis. Cisco Talos is integrated with Cisco Secure Email Gateway and provides real-time threat intelligence and protection against spam, phishing, malware, and other email-borne threats.

The other options are not valid because:

• A. Cisco AppDynamics is a cloud service that provides application performance monitoring and optimization for enterprise applications. It does not provide reputation verdicts for email messages.
• B. Cisco Secure Email Threat Defense is a cloud service that provides visibility and remediation capabilities for email threats detected by Cisco Secure Email Gateway. It does not provide reputation verdicts for email messages.
• C. Cisco Secure Cloud Analytics is a cloud service that provides network visibility and threat detection for cloud environments. It does not provide reputation verdicts for email messages.

spf-status is the section of the filter that must be modified to correct this behavior. spf-status is a condition that determines whether a message matches the content filter rule based on the result of SPF verification, such as pass, fail, neutral, etc.

The content filter in the exhibit has a spf-status condition set to “Pass”, which means that it will match messages that passed SPF verification and apply the action of “Quarantine”. This is the opposite of what the network engineer intended to do.

To correct this behavior, the network engineer can modify the spf-status condition to “Fail”, which means that it will match messages that failed SPF verification and apply the action of “Quarantine”.

The other options are not valid sections of the filter that must be modified to correct this behavior, because they do not affect the spf-status condition.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.

To allow phishing simul-ations to bypass antispam scanning, the administrator must add two components to the allow list: domains and senders. Domains are the email domains that are used in the phishing simulations, such as example.com or test.com. Senders are the email addresses that are used to send the phishing simulations, such as phish@example.com or test@test.com. By adding these components to the allow list, the administrator can prevent them from being blocked by antispam scanning and allow them to reach the end users for testing purposes. References: [Cisco Secure Email Gateway Administrator Guide - Creating Allow Lists]

ceo@example.com is the data that must be added to the dictionary to accomplish this goal. A content dictionary is a list of values that can be used as a condition in a content filter or a message filter. Forged Email Detection is a feature that allows Cisco ESA to detect and prevent email spoofing attacks, where the sender’s address or domain is forged to appear as someone else, such as the CEO of the organization.

To create a content dictionary for use with Forged Email Detection on Cisco ESA, the administrator can follow these steps:

• Select Mail Policies > Content Dictionaries and click Add Dictionary.
• Enter a name and description for the content dictionary, such as CEO Email.
• Under Dictionary Values, click Add Value.
• Enter the email address of the CEO, such as ceo@example.com.
• Click Submit.