Ace Cisco 300-720: Your Gateway to Securing Email Mastery

Correct : E

Configuring the outbound firewall rule to permit traffic on port 3237 is the additional action that resolves the issue. AMP file reputation is a feature that allows Cisco ESA to check files attached to messages against a cloud-based database of known malicious files and apply appropriate actions, such as block, deliver, or quarantine.

By default, AMP file reputation uses TCP port 3237 to communicate with the cloud-based database. If this port is blocked by a firewall, AMP file reputation will not work properly.

To resolve this issue, the administrator can configure the outbound firewall rule to permit traffic on port 3237 from Cisco ESA.

The other options are not valid actions to resolve the issue, because they do not affect the port used by AMP file reputation.

Correct : C

spf-status is the section of the filter that must be modified to correct this behavior. spf-status is a condition that determines whether a message matches the content filter rule based on the result of SPF verification, such as pass, fail, neutral, etc.

The content filter in the exhibit has a spf-status condition set to ''Pass'', which means that it will match messages that passed SPF verification and apply the action of ''Quarantine''. This is the opposite of what the network engineer intended to do.

To correct this behavior, the network engineer can modify the spf-status condition to ''Fail'', which means that it will match messages that failed SPF verification and apply the action of ''Quarantine''.

The other options are not valid sections of the filter that must be modified to correct this behavior, because they do not affect the spf-status condition.

Correct : C

Direct access via web browser requires authentication is the restriction that is in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances. Spam quarantine is a feature that allows Cisco ESA to store messages that are suspected to be spam and allow end users or administrators to review them and release or delete them as needed.

End users can access their personal spam quarantine on Cisco ESA either by clicking on a link in a notification email or by entering their email address and password in a web browser. In both cases, authentication is required to ensure security and privacy.

The other options are not valid restrictions that are in place for end users accessing the spam quarantine on Cisco Secure Email Gateway appliances, because they are either not mandatory or not related to authentication.

Correct : A

The recursion depth is the number of levels that the Cisco Secure Email Gateway will scan inside an archive file for executables and other file types. If the recursion depth is too low, some executables may not be detected and scanned by the content filter.To allow the appliance to scan for executables inside the archive file and apply the action as per the content filter, you need to configure the recursion depth to a higher value1. Reference =User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring File Reputation Filtering and File Analysis [Cisco Secure Email Gateway] - Cisco

Correct : C

According to the [Cisco Secure Email Encryption Service Add-In User Guide], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[2, p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain conditions, such as having [SECURE] in the subject header[2, p. 12]. This way, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

A) Creating an encryption profile with [SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[2, p. 11].

B) Creating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subject line or not[2, p. 12].

D) Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.