Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-720

Cisco 300-720 Exam
Securing Email with Cisco Email Security Appliance (300-720 SESA) (Page 6 )

Updated On: 1-Feb-2026
Page 6 of 31
PDF with 179 Questions





Refer to the exhibit.
Which configuration on the scan behavior must be updated to allow the attachment to be scanned on the Cisco ESA?

  1. Add an additional mapping for attachment type for zip files.
  2. Enable assume match pattern if the email was not scanned for any reason.
  3. Increase the maximum recursion depth from 5 to a larger value.
  4. Increase the maximum attachment size to scan to a larger value.

Answer(s): D

Explanation:

The maximum attachment size to scan is a configuration on the scan behavior that determines the maximum size of an attachment that Cisco ESA will scan for viruses and malware. If an attachment exceeds this size, Cisco ESA will apply the configured action for unscannable messages, such as deliver, drop, or quarantine.
To allow the attachment to be scanned on the Cisco ESA, this configuration must be updated to a larger value than the attachment size, which is 10 MB according to the message header. The other options are not valid configurations to allow the attachment to be scanned on the Cisco ESA, because they do not affect the maximum attachment size to scan.


Reference:

User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 7-3 and page 7-4.



Users have been complaining of a higher volume of emails containing profanity. The network administrator will need to leverage dictionaries and create specific conditions to reduce the number of inappropriate emails.

Which two filters should be configured to address this? (Choose two.)

  1. message
  2. spam
  3. VOF
  4. sender group
  5. content

Answer(s): A,E

Explanation:

Message filter and content filter are two filters that should be configured to address this issue. Message filter and content filter are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc. To reduce the number of inappropriate emails containing profanity, the network administrator can create a dictionary that contains a list of profane words or phrases and use it as a condition in a message filter or content filter that applies an action of "drop", "quarantine", or "modify subject" on the matching messages.
The other options are not valid filters to address this issue, because they do not use dictionaries or conditions based on message content.


Reference:

User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 8-3 and page 8-7.





Refer to the exhibit.
What is the correct order of commands to set filter 2 to active?

  1. filters-> edit-> 2-> Active
  2. filters-> modify-> All-> Active
  3. filters-> detail-> 2-> 1
  4. filters-> set-> 2-> 1

Answer(s): D

Explanation:

The correct order of commands to set filter 2 to active on the CLI of Cisco ESA is:
filters, which enters the message filter mode.
set, which sets the status of one or more message filters.
2, which specifies the message filter number.
1, which sets the status of message filter 2 to active.

The other options are not valid orders of commands to set filter 2 to active on the CLI of Cisco ESA, because they use incorrect commands or parameters.


Reference:

User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page A-6 and page A-7.



A network administrator notices that there are a high number of queries to the LDAP server. The mail logs show an entry "550 Too many invalid recipients | Connection closed by foreign host."

Which feature must be used to address this?

  1. DHAP
  2. SBRS
  3. LDAP
  4. SMTP

Answer(s): A


Reference:

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12- 0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011010.html

DHAP (Directory Harvest Attack Prevention) is a feature that must be used to address this issue. DHAP is a mechanism that allows Cisco ESA to prevent directory harvest attacks, which are attempts by spammers or hackers to obtain valid email addresses from an LDAP server by sending messages with random or guessed recipients and checking for bounce messages. To enable DHAP on Cisco ESA, the network administrator can follow these steps:
Select Network > Listeners and click Edit Settings for the listener that receives incoming messages. Under SMTP Authentication Settings, select Enable Directory Harvest Attack Prevention. Enter a value for Maximum Invalid Recipients per Hour, which is the number of invalid recipients that triggers DHAP.
Enter a value for Block Sender for (hours), which is the duration that Cisco ESA blocks messages from senders who exceed the maximum invalid recipients per hour.
Click Submit.







Refer to the exhibits.
What must be done to enforce end user authentication before accessing quarantine?

  1. Enable SPAM notification and use LDAP for authentication.
  2. Enable SPAM Quarantine Notification and add the %quarantine_url% variable.
  3. Change the end user quarantine access from None authentication to SAAS.
  4. Change the end user quarantine access setting from None authentication to Mailbox.

Answer(s): D


Reference:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118692- configure-esa-00.html#anc7
Changing the end user quarantine access setting from None authentication to Mailbox is the correct way to enforce end user authentication before accessing quarantine. This setting requires the end users to enter their email address and password in order to access their personal quarantine on the Cisco ESA.
The other options are not valid ways to enforce end user authentication before accessing quarantine, because they do not affect the end user quarantine access setting.

User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-2 and page 10-3.



Viewing page 6 of 31
Viewing questions 26 - 30 out of 179 questions



Post your Comments and Discuss Cisco 300-720 exam prep with other Community members:

Join the 300-720 Discussion