Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-720

Cisco 300-720 Exam
Securing Email with Cisco Email Security Appliance (300-720 SESA) (Page 4 )

Updated On: 1-Feb-2026
Page 4 of 31
PDF with 179 Questions

A network engineer must tighten up the SPAM control policy of an organization due to a recent SPAM attack. In which scenario does enabling regional scanning improve security for this organization?

  1. when most of the received spam comes from a specific country
  2. when most of the received spam originates outside of the U.S.
  3. when most of the received email originates outside of the U.S.
  4. when most of the received email originates from a specific region

Answer(s): D

Explanation:

Enabling regional scanning improves security for this organization when most of the received email originates from a specific region. Regional scanning is a feature that allows Cisco ESA to apply different spam thresholds and actions based on the geographic region of the sender's IP address, using a database of IP addresses and regions.

To enable regional scanning on Cisco ESA, the administrator can follow these steps:
Select Security Services > IronPort Anti-Spam and click Edit Settings. Under Regional Scanning, select Enable Regional Scanning.
Click Submit.
Select Security Services > IronPort Anti-Spam > Regional Settings and click Add Region. Choose a region from the drop-down menu, such as Asia Pacific. Enter a spam threshold and an action for that region, such as 80 and Drop.
Click Submit.



DRAG DROP (Drag and Drop is not supported)

Drag and drop the graymail descriptions from the left onto the verdict categories they belong to on the right.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



A content dictionary was created for use with Forged Email Detection. Proper data that pertains to the CEO Example CEO: <ceo@example com> must be entered.
What must be added to the dictionary to accomplish this goal?

  1. example.com
  2. Example CEO
  3. ceo
  4. ceo@example com

Answer(s): D

Explanation:

ceo@example.com is the data that must be added to the dictionary to accomplish this goal. A content dictionary is a list of values that can be used as a condition in a content filter or a message filter. Forged Email Detection is a feature that allows Cisco ESA to detect and prevent email spoofing attacks, where the sender's address or domain is forged to appear as someone else, such as the CEO of the organization.
To create a content dictionary for use with Forged Email Detection on Cisco ESA, the administrator can follow these steps:
Select Mail Policies > Content Dictionaries and click Add Dictionary. Enter a name and description for the content dictionary, such as CEO Email.
Under Dictionary Values, click Add Value.
Enter the email address of the CEO, such as ceo@example.com.
Click Submit.



A security administrator deployed a Cisco Secure Email Gateway appliance with a mail policy configured to store suspected spam for review. The appliance is the DMZ and only the standard HTTP/HTTPS ports are allowed by the firewall. An administrator wants to ensure that users can view any suspected spam that was blocked.
Which action must be taken to meet this requirement?

  1. Enable the external Spam Quarantine and enter the IP address and port for the Secure Email and Web Manager
  2. Enable the Spam Quarantine and leave the default settings unchanged.
  3. Enable End-User Quarantine Access and point to an LDAP server for authentication.
  4. Enable the Spam Quarantine and specify port 80 for HTTP and port 443 for HTTPS

Answer(s): C

Explanation:

Enabling End-User Quarantine Access and pointing to an LDAP server for authentication is the action that must be taken to meet this requirement. End-User Quarantine Access is a feature that allows users to access their personal quarantine on Cisco ESA using their email address and password, without requiring an administrator account or access to Secure Email and Web Manager. To enable End-User Quarantine Access on Cisco ESA, the administrator can follow these steps:
Select Security Services > IronPort Anti-Spam > End User Safelist/Blocklist Settings and click Edit Settings.
Under End User Quarantine Access, select Enable End User Quarantine Access. Under Authentication Server, select LDAP Server from the drop-down menu and choose an LDAP server profile from the drop-down menu.

Click Submit.



An engineer deploys a Cisco Secure Email Gateway appliance with default settings in an organization that permits only standard H feature does not work.
Which additional action resolves the issue?

  1. Configure the outbound firewall rule to permit traffic on port 8081
  2. Enable the Use HTTP option under Advanced Settings for File Reputation.
  3. Enable the Use SSL option under Advanced Settings for File Reputation.
  4. Configure the outbound firewall rule to permit traffic on port 3237
  5. TP/HTTPS ports outbound and notices that the AMP file reputation

Answer(s): D

Explanation:

Configuring the outbound firewall rule to permit traffic on port 3237 is the additional action that resolves the issue. AMP file reputation is a feature that allows Cisco ESA to check files attached to messages against a cloud-based database of known malicious files and apply appropriate actions, such as block, deliver, or quarantine.
By default, AMP file reputation uses TCP port 3237 to communicate with the cloud-based database. If this port is blocked by a firewall, AMP file reputation will not work properly. To resolve this issue, the administrator can configure the outbound firewall rule to permit traffic on port 3237 from Cisco ESA.
The other options are not valid actions to resolve the issue, because they do not affect the port used by AMP file reputation.


Reference:

[User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 7-5 and page 7-6.



Viewing page 4 of 31
Viewing questions 16 - 20 out of 179 questions



Post your Comments and Discuss Cisco 300-720 exam prep with other Community members:

Join the 300-720 Discussion