Pass the Cisco CCNP Security 300-720 Questions and answers with ExamsMirror

Custom policy is a type of DLP policy template that must be used to create a policy that meets this requirement. Custom policy allows the administrator to define their own criteria for detecting sensitive or confidential data in messages, such as keywords, regular expressions, file types, etc.

To create a custom DLP policy on Cisco ESA, the administrator can follow these steps:

Select Mail Policies > DLP Policy Manager and click Add Policy.

Enter a name and description for the DLP policy, such as Patent Protection.

Under Policy Template, select Custom Policy.

Click Submit.

Under Content Matching Criteria, click Add Criteria.

Choose a matching type, such as Keyword or Regular Expression, and enter a value that matches the proprietary patent documents, such as “patent number” or “\d{4}/\d{6}”.

Click Submit.

The other options are not valid types of DLP policy templates to create a policy that meets this requirement, because they are predefined templates that do not match the proprietary patent documents.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 9-3 and page 9-5.

The safelist/blocklist (SLBL) is a feature that allows Cisco ESA to accept or reject messages from specific email addresses or domains, based on the configuration of mail flow policies or end user preferences.

The action that provides direct access to view the SLBL on Cisco ESA is to export the SLBL to a .csv file, which can be done from the web user interface by selecting Security Services > Safelist/Blocklist and clicking Export.

The other options do not provide direct access to view the SLBL on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-13 and page 6-14.

When DKIM (DomainKeys Identified Mail) signing is configured on Cisco ESA, the DNS record that must be updated to load the DKIM public signing key is the TXT record. The TXT record is used to store arbitrary text information in the DNS, such as the DKIM public key, which can be retrieved by the recipients to verify the DKIM signature in the message header.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 11-3.

According to the Cisco Secure Email Threat Defense User Guide, the No Authentication option is only available if you are using a Cisco Secure Email Gateway (SEG) as your message source. This option allows visibility only, no remediation1.

The other options are not valid because:

A. Basic Authentication is not a visibility and remediation mode for Cisco Secure Email Threat Defense. It is a method of authenticating users with a username and password2.

C. Microsoft 365 Authentication is a visibility and remediation mode that allows you to use Microsoft 365 credentials to access Cisco Secure Email Threat Defense. It has two sub-options: Read/Write and Read. This mode is available for both Microsoft 365 and Gateway message sources1.

D. Cisco Security Cloud Sign On is not a visibility and remediation mode for Cisco Secure Email Threat Defense. It is a service that manages user authentication for Cisco security products, including Cisco Secure Email Threat Defense3.

A TXT record is a type of DNS record that contains arbitrary text data that can be used for various purposes such as verification, configuration, or authentication. A TXT record can contain the DKIM public key per RFC 6376, which is used to verify the digital signature of an email message generated by the DKIM private key of the sender domain.

The other options are not valid because:

A. A CNAME record is a type of DNS record that maps an alias name to a canonical name or another alias name. It does not contain any DKIM public key information.

B. An AAAA record is a type of DNS record that maps a hostname to an IPv6 address. It does not contain any DKIM public key information.

D. A PTR record is a type of DNS record that maps an IP address to a hostname, which is the reverse of an A or AAAA record. It does not contain any DKIM public key information.

A regular expression is a sequence of characters that defines a search pattern for text. To match a string of 123ABCDEFGHJ, you need to use the following regular expression: \d{3}[A-Z]{9}. This expression means that the string must start with three digits (\d{3}), followed by nine uppercase letters ([A-Z]{9}). This expression will match any string that has the same format as 123ABCDEFGHJ. References = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Regular Expressions [Cisco Secure Email Gateway] - Cisco

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2240.pdf

The maximum attachment size to scan is a configuration on the scan behavior that determines the maximum size of an attachment that Cisco ESA will scan for viruses and malware. If an attachment exceeds this size, Cisco ESA will apply the configured action for unscannable messages, such as deliver, drop, or quarantine.

To allow the attachment to be scanned on the Cisco ESA, this configuration must be updated to a larger value than the attachment size, which is 10 MB according to the message header.

The other options are not valid configurations to allow the attachment to be scanned on the Cisco ESA, because they do not affect the maximum attachment size to scan.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 7-3 and page 7-4.

According to the [Cisco Secure Email User Guide], you can create a text resource of type Disclaimer Template and use the code view option to insert HTML code into the text box. Then, you can use this text resource in a content filter to prepend or append the HTML message to the email body[1, p. 15-16].

The other options are not valid because:

A. Creating a text resource type of Disclaimer Template and pasting the HTML code into the text box without changing to code view will not work, as the HTML code will be treated as plain text and not rendered properly[1, p. 15].

C. Creating a text resource type of Notification Template and pasting the HTML code into the text box will not work, as Notification Templates are used for sending notifications to senders or recipients, not for modifying the email body[1, p. 17].

D. Creating a text resource type of Notification Template and changing to code view to paste the HTML code into the text box will not work, as Notification Templates are used for sending notifications to senders or recipients, not for modifying the email body[1, p. 17].

Outgoing Mail Policy is a mail policy that should be created to accomplish this task. Outgoing Mail Policy is a set of rules that determine how outgoing messages are processed by Cisco ESA, including whether to apply DLP scanning or not.

To create an Outgoing Mail Policy named ‘Sales’ and assign a DLP policy to it, the administrator can follow these steps:

Select Mail Policies > Outgoing Mail Policies and click Add Policy.

Enter ‘Sales’ as the policy name and click Submit.

Select ‘Sales’ from the list of policies and click Edit Settings.

Under Data Loss Prevention, select Enable Data Loss Prevention Scanning and choose the DLP policy from the drop-down menu.

Click Submit.

The other options are not valid mail policies to accomplish this task, because they do not apply to outgoing messages or DLP scanning.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2 and page 9-4.