Pass the Cisco CCNP Security 300-720 Questions and answers with ExamsMirror

Message Handling Settings:

Repaired Message Handling

Messages are considered repaired if the message was completely scanned and all viruses have been repaired or removed. These messages will be delivered as is.

Encrypted Message Handling

Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or protected field in the message. Messages that are marked encrypted may also be repaired.

Unscannable Message Handling

Messages are considered unscannable if a scanning timeout value has been reached, or the engine becomes unavailable due to an internal error. Messages that are marked unscannable may also be repaired.

Virus Infected Message Handling

The system may be unable to drop the attachment or completely repair a message. In these cases, you can configure how the system handles messages that could still contain viruses.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01011.html#con_1132282

The default behavior of any listener for TLS communication is B. off. This means that TLS is not allowed for incoming connections to the listener and connections to the listener do not require encrypted Simple Mail Transfer Protocol (SMTP) conversations. This is stated in the web search result 1. To enable TLS for a listener, you need to configure the Use TLS option in the mail flow policy settings for the listener on the Mail Policies > HAT Overview page1. You can choose from three different settings for TLS: No, Preferred, or Required1.

If the McAfee antivirus scanning is enabled on the Cisco Secure Email Gateway and the virus scanning action is set to “scan for viruses only”, then no repair is attempted, and the attachment is either dropped or delivered based on the antivirus policy settings. The administrator can choose to drop or deliver the infected attachment by selecting the appropriate action in the antivirus policy. References: [Cisco Secure Email Gateway Administrator Guide - Configuring McAfee Antivirus Scanning]

The default port to deliver emails from the Cisco ESA to the Cisco SMA using the centralized Spam Quarantine is 6025. This is the default value for the Port setting in the External Spam Quarantine configuration on Cisco ESA. This port must be open on both Cisco ESA and Cisco SMA for the communication to work.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-4.

To enable File Reputation and File Analysis on the Cisco Secure Email Gateway appliance, the administrator must configure the appliance to use SSL for the connection to the File Reputation server. This will ensure that the communication between the appliance and the cloud service is secure and encrypted. The administrator must also upload a valid certificate from a trusted CA on the appliance for this purpose. The other options are not required or effective for this task. References: [Cisco Secure Email Gateway Administrator Guide - Configuring File Reputation and File Analysis]

Enabling End-User Quarantine Access and pointing to an LDAP server for authentication is the action that must be taken to meet this requirement. End-User Quarantine Access is a feature that allows users to access their personal quarantine on Cisco ESA using their email address and password, without requiring an administrator account or access to Secure Email and Web Manager.

To enable End-User Quarantine Access on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam > End User Safelist/Blocklist Settings and click Edit Settings.

Under End User Quarantine Access, select Enable End User Quarantine Access.

Under Authentication Server, select LDAP Server from the drop-down menu and choose an LDAP server profile from the drop-down menu.

Click Submit.

To combat backscatter, which is a type of spam that consists of bounce messages sent to forged sender addresses, the administrator must enable the Bounce Verification feature under Security Settings. This feature allows the appliance to verify whether a bounce message is legitimate or not by checking if the original message was sent from the appliance. If not, the bounce message is considered as backscatter and can be dropped or quarantined. References: [Cisco Secure Email Gateway Administrator Guide - Configuring Bounce Verification]

Spam threshold is a setting that determines the minimum score that a message must have to be classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-5.

To encrypt SMTP with TLS on a Cisco Secure Email Gateway appliance when the sender requires TLS verification, the components that are required are an X.509 certificate and matching private key from a CA. The certificate must be signed by a trusted CA and contain the domain name or IP address of the listener in the Subject or Subject Alternative Name fields. The private key must be unencrypted and match the certificate. References: [Cisco Secure Email Gateway Administrator Guide - Configuring TLS]

According to the [Cisco Secure Email Encryption Service Add-In User Guide], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[2, p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain conditions, such as having [SECURE] in the subject header[2, p. 12]. This way, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

A. Creating an encryption profile with [SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[2, p. 11].

B. Creating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subject line or not[2, p. 12].

D. Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.