• Home
  • Blogs
  • 300-720 exam questions for practice in 2024 Updated 149 Questions [Q76-Q99]

300-720 exam questions for practice in 2024 Updated 149 Questions [Q76-Q99]

Share

300-720 exam questions for practice in 2024 Updated 149 Questions

Updated May-2024 Premium 300-720 Exam Engine pdf - Download Free Updated 149 Questions

NEW QUESTION # 76
What must be configured to allow the Cisco ESA to encrypt an email using the Cisco Registered Envelope Service?

  • A. content filter to forward the email to the Cisco Registered Envelope server
  • B. provisioned email encryption profile
  • C. message encryption from a content filter that select "Message Encryption" over TLS
  • D. message encryption from the mail flow policies with "CRES" selected

Answer: B

Explanation:
To allow the Cisco ESA to encrypt an email using the CRES (Cisco Registered Envelope Service), a provisioned email encryption profile must be configured on Cisco ESA. A provisioned email encryption profile is a type of encryption profile that specifies how messages are encrypted using CRES, such as the encryption key strength, the notification options, the branding settings, etc.


NEW QUESTION # 77
Refer to the exhibit.

Which SPF record is valid for mycompany.com?

  • A. v=spf1 a mx ip4:199.209.31.2 -all
  • B. v=spf1 a mx ip4:172.16.18.230 -all
  • C. v=spf1 a mx ip4:199.209.31.21 -all
  • D. v=spf1 a mx ip4:10.1.10.23 -all

Answer: B


NEW QUESTION # 78
Drag and drop the AsyncOS methods for performing DMARC verification from the left into the correct order on the right.

Answer:

Explanation:

Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/ b_ESA_Admin_Guide_11_1_chapter_010101.html


NEW QUESTION # 79
What is a benefit of deploying Cisco Secure Email and Web Manager?

  • A. centralized management of quarantined email
  • B. centralized management of logs for Cisco Secure Email Gateway
  • C. centralized management of botnet directories
  • D. centralized management of software updates for Cisco Secure Email Gateway

Answer: A

Explanation:
One of the benefits of deploying Cisco Secure Email and Web Manager is that it provides centralized management of quarantined email for multiple Cisco Secure Email Gateway appliances. The administrator can use the Cisco Secure Email and Web Manager to view, search, release, delete, or forward quarantined messages from a single web interface. Reference: [Cisco Secure Email and Web Manager User Guide - Configuring Centralized Spam Quarantine]


NEW QUESTION # 80
Which action is a valid fallback when a client certificate is unavailable during SMTP authentication on Cisco ESA?

  • A. LDAP BIND
  • B. SMTP TLS
  • C. LDAP Query
  • D. SMTP AUTH

Answer: D

Explanation:
SMTP AUTH is a valid fallback action when a client certificate is unavailable during SMTP authentication on Cisco ESA. SMTP AUTH is a method of authenticating SMTP clients using username and password credentials, which can be verified by an LDAP server or a local database on Cisco ESA.


NEW QUESTION # 81
Which two features are applied to either incoming or outgoing mail policies? (Choose two.)

  • A. application filtering
  • B. antivirus
  • C. outbreak filters
  • D. sender reputation filtering
  • E. Indication of Compromise

Answer: B,C

Explanation:
Outbreak filters and antivirus are two features that can be applied to either incoming or outgoing mail policies on Cisco ESA. Outbreak filters allow Cisco ESA to detect and block messages that contain new or emerging email threats, such as viruses, worms, phishing, or spam, by using real-time updates from Talos intelligence. Antivirus allows Cisco ESA to scan messages for known viruses and malware using one or two antivirus engines (Sophos and McAfee).


NEW QUESTION # 82
Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.)

  • A. failover
  • B. load balancing
  • C. SLA monitor
  • D. active-standby
  • E. active-active

Answer: A,B

Explanation:
You can enter multiple host names to configure the LDAP servers for failover or load-balancing. Separate multiple entries with commas.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/sma_user_guide/ b_SMA_Admin_Guide_ces_11/b_SMA_Admin_Guide_chapter_01010.html


NEW QUESTION # 83
Which global setting is configured under Cisco ESA Scan Behavior?

  • A. actions for unscannable messages due to attachment type
  • B. minimum depth of attachment recursion to scan
  • C. minimum attachment size to scan
  • D. attachment scanning timeout

Answer: D


NEW QUESTION # 84
Which attack is mitigated by using Bounce Verification?

  • A. denial of service
  • B. spoof
  • C. smurf
  • D. eavesdropping

Answer: A

Explanation:
Reference:
https://www.networkworld.com/article/2305394/ironport-adds-bounce-back-verification-for-e- mail.html


NEW QUESTION # 85
What is the default HTTPS port when configuring spam quarantine on Cisco ESA?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide_11-1/ b_ESA_Admin_Guide_ces_11_1/b_ESA_Admin_Guide_chapter_011111.pdf


NEW QUESTION # 86
Drag and Drop Question
Drag and drop the AsyncOS methods for performing DMARC verification from the left into the correct order on the right.

Answer:

Explanation:


NEW QUESTION # 87
Which setting affects the aggressiveness of spam detection?

  • A. maximum depth of recursion scan
  • B. protection level
  • C. spam threshold
  • D. spam timeout

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118220-technote- esa-00.html


NEW QUESTION # 88
Which two components must be configured to perform DLP scanning? (Choose two.)

  • A. Add a DLP policy to the DLP Policy Manager.
  • B. Enable a DLP policy on the DLP Policy Customizations.
  • C. Enable a DLP policy on the Outgoing Mail Policy.
  • D. Add a DLP policy to the Outgoing Content Filter.
  • E. Add a DLP policy on the Incoming Mail Policy.

Answer: A,C

Explanation:
To perform DLP scanning on Cisco ESA, two components must be configured:
Add a DLP policy to the DLP Policy Manager, which is a repository of predefined or custom DLP policies that specify what types of data to scan for and what actions to take if a match is found.
Enable a DLP policy on the Outgoing Mail Policy, which is a set of rules that determine how outgoing messages are processed by Cisco ESA, including whether to apply DLP scanning or not.


NEW QUESTION # 89
When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during login to the End-User Quarantine?

  • A. Spam Quarantine External Authentication Query
  • B. Spam Quarantine End-User Authentication Query
  • C. Spam Quarantine Alias Consolidation Query
  • D. Enabling the End-User Safelist/Blocklist feature

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118692-configure- esa-00.html


NEW QUESTION # 90
An organization wants to use its existing Cisco ESA to host a new domain and enforce a separate corporate policy for that domain.
What should be done on the Cisco ESA to achieve this?

  • A. Use the altrchost command to add a separate gateway for the new domain.
  • B. Use the smtproutes command to configure a SMTP route for the new domain.
  • C. Use the deli very config command to configure mail delivery for the new domain.
  • D. Use the dsestconf command to add a separate destination for the new domain.

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011001.html one of the steps to accept mail for additional internal domains on the Cisco ESA is to choose Network > SMTP Routes and enter the new domain and the corresponding destination host IP address1. This can also be done using the smtproutes command in the CLI1. The other commands (deliveryconfig, dsestconf, and altrchost) are not related to this task.


NEW QUESTION # 91
When the spam quarantine is configured on the Cisco Secure Email Gateway, which type of query is used to validate non administrative user access to the end-user quarantine via LDAP?

  • A. spam quarantine alias consolidation
  • B. spam quarantine end-user authentication
  • C. spam quarantine external authorization
  • D. local mailbox (IMAP/POP) authentication

Answer: B

Explanation:
spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP1. This query is configured in the System Administration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI1. The other queries are not related to this task. The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login2. The spam quarantine external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager3. The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP2.


NEW QUESTION # 92
Which antispam feature is utilized to give end users control to allow emails that are spam to be delivered to their inbox, overriding any spam verdict and action on the Cisco ESA?

  • A. end user allow list
  • B. end user passthrough list
  • C. end user safelist
  • D. end user spam quarantine access

Answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-
0/user_guide/b_ESA_Admin_Guide_13-0.pdf P.129


NEW QUESTION # 93
Which two steps are needed to disable local spam quarantine before external quarantine is enabled?
(Choose two.)

  • A. Uncheck the Enable Spam Quarantine check box.
  • B. Select External Spam Quarantine and click on Configure.
  • C. Select Security Services and click Spam Quarantine.
  • D. Select Monitor and click Spam Quarantine.
  • E. Check the External Safelist/Blocklist check box.

Answer: A,D

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118555-qa-esa-
00.html (configuration summary)


NEW QUESTION # 94
Which two Cisco ESA features are used to control email delivery based on the sender? (Choose two.)

  • A. spam quarantine
  • B. safelists
  • C. incoming mail policies
  • D. blocklists
  • E. outbreak filter

Answer: B,D

Explanation:
Safelists and blocklists are features on Cisco ESA that allow you to control email delivery based on the sender. Safelists are lists of sender addresses or domains that you want to accept or exempt from certain filtering actions. Blocklists are lists of sender addresses or domains that you want to reject or drop3. Reference = Securing Email with Cisco Email Security Appliance (SESA) v3.1


NEW QUESTION # 95
To comply with a recent audit, an engineer must configure anti-virus message handling options on the incoming mail policies to attach warnings to the subject of an email.
What should be configured to meet this requirement for known viral emails?

  • A. Encrypted Messages
  • B. Positively Identified Messages
  • C. Unscannable Messages
  • D. Virus Infected Messages

Answer: A


NEW QUESTION # 96
An engineer is tasked with reviewing mail logs to confirm that messages sent from domain abc.com are passing SPF verification and being accepted by the Cisco ESA. The engineer notices that SPF verification is not being performed and that SPF is not being referenced in the logs for messages sent from domain abc.com.
Why is the verification not working properly?

  • A. SPF verification is disabled in the Recipient Access Table.
  • B. SPF verification is disabled on the Mail Flow Policy.
  • C. An SPF verification Content Filter has not been created.
  • D. The SPF conformance level is set to SIDF compatible on the Mail Flow Policy.

Answer: B

Explanation:
SPF verification is a feature that allows Cisco ESA to verify the authenticity of the sender's domain by checking the sender's IP address against a DNS record published by the domain owner. An SPF record is a TXT record that specifies the authorized IP addresses or hosts for sending emails from a domain, using a syntax of qualifiers, mechanisms, and modifiers.
The reason why the verification is not working properly is that SPF verification is disabled on the mail flow policy that applies to the messages sent from domain abc.com. A mail flow policy is a set of rules that determine how incoming or outgoing messages are processed by Cisco ESA, including whether to enable SPF verification or not.
To enable SPF verification on the mail flow policy, the administrator can follow these steps:
Select Mail Policies > Mail Flow Policies and click Edit Settings for the mail flow policy that applies to the messages sent from domain abc.com.
Under Sender Authentication, select Enable SPF Verification and choose an SPF conformance level from the drop-down menu.
Click Submit.
The other options are not valid reasons why the verification is not working properly, because they do not affect SPF verification on the mail flow policy.


NEW QUESTION # 97
Email encryption is configured on a Cisco ESA that uses CRES.
Which action is taken on a message when CRES is unavailable?

  • A. It is dropped and an error message is sent to the sender.
  • B. It is requeued.
  • C. It is encrypted by a Cisco encryption appliance.
  • D. It is sent in clear text.

Answer: D

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117863- configure-esa-00.html


NEW QUESTION # 98
Which two certificate authority lists are available in Cisco ESA? (Choose two.)

  • A. demo
  • B. default
  • C. user
  • D. custom
  • E. system

Answer: D,E

Explanation:
System: This is the default list of trusted certificate authorities that is provided by Cisco and updated automatically. It contains the certificates of well-known and widely used certificate authorities, such as VeriSign, Thawte, and GoDaddy.
Custom: This is the list of additional certificate authorities that you can add manually or import from a file. It allows you to trust certificates that are issued by your own or third-party certificate authorities that are not included in the system list.


NEW QUESTION # 99
......

Authentic 300-720 Dumps With 100% Passing Rate Practice Tests Dumps: https://www.prep4away.com/Cisco-certification/braindumps.300-720.ete.file.html

Cisco 300-720 Real Exam Questions Guaranteed Updated Dump from Prep4away: https://drive.google.com/open?id=1MuDsR76jBp0Z49bT8HKHwuf-WOKt_MTY

Related Blogs

more
Cisco 300-720 Certification Practice Exam