An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation.
Which actions must be performed in order to provide this capability?
- deliver and send copies to other recipients
- quarantine and send a DLP violation notification
- quarantine and alter the subject header with a DLP violation
- deliver and add disclaimer text
Answer(s): D
Explanation:
You specify primary and secondary actions that the appliance will take when it detects a possible DLP violation in an outgoing message. Different actions can be assigned for different violation types and severities.
Primary actions include:
Deliver
Drop
Quarantine
Secondary actions include:
Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations.
When you release the copy from the quarantine,
the appliance delivers the copy to the recipient, who will have already received the original message. Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers.
Altering the subject header of messages containing a DLP violation.
Adding disclaimer text to messages.
Sending messages to an alternate destination mailhost. Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical
DLP violations to a compliance officer's mailbox for examination.) Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP
compliance officer.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/ b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html