Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-720

Cisco 300-720 Exam
Securing Email with Cisco Email Security Appliance (300-720 SESA) (Page 5 )

Updated On: 1-Feb-2026
Page 5 of 31
PDF with 179 Questions

An organization wants to prevent proprietary patent documents from being shared externally via email. The network administrator reviewed the DLP policies on the Cisco Secure Email Gateway and could not find an existing policy with the appropriate matching patterns.
Which type of DLP policy template must be used to create a policy that meets this requirement?

  1. privacy protection
  2. custom policy
  3. regulatory compliance
  4. acceptable use

Answer(s): B

Explanation:

Custom policy is a type of DLP policy template that must be used to create a policy that meets this requirement. Custom policy allows the administrator to define their own criteria for detecting sensitive or confidential data in messages, such as keywords, regular expressions, file types, etc. To create a custom DLP policy on Cisco ESA, the administrator can follow these steps:
Select Mail Policies > DLP Policy Manager and click Add Policy. Enter a name and description for the DLP policy, such as Patent Protection.
Under Policy Template, select Custom Policy.
Click Submit.
Under Content Matching Criteria, click Add Criteria.
Choose a matching type, such as Keyword or Regular Expression, and enter a value that matches the proprietary patent documents, such as "patent number" or "\d{4}/\d{6}".
Click Submit.
The other options are not valid types of DLP policy templates to create a policy that meets this requirement, because they are predefined templates that do not match the proprietary patent documents.


Reference:

[User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 9-3 and page 9-5.



Refer to the exhibit.



A network engineer must set up a content filter to find any messages that failed SPF and send them into quarantine The content filter has been set up and enabled, but all messages except those that have failed SPF are being sent into quarantine.
Which section of the filter must be modified to correct this behavior?

  1. skip-filters
  2. log-entry
  3. spf-status
  4. quarantine

Answer(s): C

Explanation:

spf-status is the section of the filter that must be modified to correct this behavior. spf-status is a condition that determines whether a message matches the content filter rule based on the result of SPF verification, such as pass, fail, neutral, etc.
The content filter in the exhibit has a spf-status condition set to "Pass", which means that it will match messages that passed SPF verification and apply the action of "Quarantine". This is the opposite of what the network engineer intended to do.
To correct this behavior, the network engineer can modify the spf-status condition to "Fail", which means that it will match messages that failed SPF verification and apply the action of "Quarantine". The other options are not valid sections of the filter that must be modified to correct this behavior, because they do not affect the spf-status condition.


Reference:

[User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.



Which two Cisco ESA features are used to control email delivery based on the sender? (Choose two.)

  1. incoming mail policies
  2. spam quarantine
  3. outbreak filter
  4. safelists
  5. blocklists

Answer(s): D,E

Explanation:

Safelists and blocklists are features on Cisco ESA that allow you to control email delivery based on the sender. Safelists are lists of sender addresses or domains that you want to accept or exempt from certain filtering actions. Blocklists are lists of sender addresses or domains that you want to reject or drop3. Reference = Securing Email with Cisco Email Security Appliance (SESA) v3.1



A Cisco ESA administrator has noticed that new messages being sent to the Centralized Policy Quarantine are being released after one hour. Previously, they were being held for a day before being released.

What was configured that caused this to occur?

  1. The retention period was changed to one hour.
  2. The threshold settings were set to override the clock settings.
  3. The retention period was set to default.
  4. The threshold settings were set to default.

Answer(s): C

Explanation:

You can configure Policy, Virus, and Outbreak Quarantines in any one of the following ways:

Choose Quarantine > Other Quarantine > View > +.

Choose Monitor > Policy, Virus, and Outbreak Quarantines and do one of the following.

Click Add Policy Quarantine.

Keep the following in mind, changing the retention time of the File Analysis quarantine from the default of one hour is not recommended.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14- 0/user_guide/b_ESA_Admin_Guide_14-
0/b_ESA_Admin_Guide_12_1_chapter_011111.html?bookSearch=true



Spreadsheets containing credit card numbers are being allowed to bypass the Cisco ESA.

Which outgoing mail policy feature should be configured to catch this content before it leaves the network?

  1. file reputation filtering
  2. outbreak filtering
  3. data loss prevention
  4. file analysis

Answer(s): C

Explanation:

Data Loss Prevention (DLP) is an outgoing mail policy feature that should be configured to catch this content before it leaves the network. DLP allows Cisco ESA to scan outgoing messages for sensitive or confidential data, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as encrypt, quarantine, notify, etc., to prevent data leakage or loss. The other options are not valid outgoing mail policy features to catch this content before it leaves the network, because they do not scan for sensitive or confidential data in messages.


Reference:

User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2 and page 9-3.



Viewing page 5 of 31
Viewing questions 21 - 25 out of 179 questions



Post your Comments and Discuss Cisco 300-720 exam prep with other Community members:

Join the 300-720 Discussion