Exam Details

  • Exam Code
    :300-720
  • Exam Name
    :Securing Email with Cisco Email Security Appliance (SESA)
  • Certification
    :CCNP
  • Vendor
    :Cisco
  • Total Questions
    :148 Q&As
  • Last Updated
    :Dec 13, 2024

Cisco CCNP 300-720 Questions & Answers

  • Question 1:

    An organization has strict rules for meeting specific criteria to approve certificate authorities. A Cisco ESA administrator within the organization is receiving complaints about failed inbound emails from a domain. The administrator is also seeing TLS certificate errors. What is the reason for this issue?

    A. Firewall inspection is preventing transmission of certificate data.

    B. The certificate authority is not on the system list.

    C. The TLSv1.0 protocol is not supported.

    D. The certificate chain is broken.

  • Question 2:

    An organization wants to designate help desk personnel to assist with tickets that request the release of messages from the spam quarantine because company policy does not permit end-user quarantine access to employees directly. Which two roles must be used for these personnel to release messages while restricting access to make configuration changes in the Cisco ESA? (Choose two.)

    A. Administrator

    B. Read-Only Operator

    C. Technician

    D. Quarantine Administrator

    E. Help Desk User

  • Question 3:

    The CEO sent an email indicating that all emails containing a string of 123ABCDEFGHJ cannot be delivered and must be sent into quarantine for further inspection. Given the requirement, which regular expression should be used to match on that criteria?

    A. \d{3}[A璟]{9}

    B. {3}\d{9}[A璟]

    C. \w{3}[A璟]{9}

    D. \\D{3}[A璟]{9}

  • Question 4:

    Which restriction is in place for end users accessing the spam quarantine on Cisco ESA devices?

    A. The end user must be assigned to the Guest role.

    B. Access via a link in a notification in mandatory.

    C. Authentication is required when accessing via a link in a notification.

    D. Direct access via web browser requires authentication.

  • Question 5:

    An organization has multiple Cisco ESA devices deployed, resulting in several spam quarantines to manage. To manage the quarantined messages, the administrator enabled the centralized spam quarantine on the Cisco SMA and configured the external spam quarantine on the Cisco ESA devices. However, messages are still being directed to the local quarantine on the Cisco ESA devices. What change is necessary to complete the configuration?

    A. Modify the incoming mail policies on the Cisco ESA devices to redirect to the external quarantine.

    B. Disable the external spam quarantine on the Cisco ESA devices.

    C. Disable the local spam quarantine on the Cisco ESA devices.

    D. Modify the external spam quarantine settings on the Cisco ESA devices and change the port to 25.

  • Question 6:

    The CEO added a sender to a safelist but does not receive an important message expected from the trusted sender. An engineer evaluates message tracking on a Cisco ESA and determines that the message was dropped by the antivirus engine. What is the reason for this behavior?

    A. End-user safelists apply to antispam engines only.

    B. The sender didn't mark the message as urgent.

    C. Administrative access is required to create a safelist.

    D. The sender is included in an ISP blocklist.

  • Question 7:

    What is the purpose of checking the CRL during SMTP authentication on a Cisco ESA?

    A. Check if the certificate is not revoked.

    B. Confirm that corresponding CA is present.

    C. Verify the common name matches user ID.

    D. Validate the date to check if the certificate is still valid.

  • Question 8:

    A company security policy requires that the finance department have an easy way to apply encryption to their outbound messages that contain sensitive data. Users must be able to flag the messages that require encryption versus a Cisco ESA scanning all messages and automatically encrypting via detection. Which action enables this capability?

    A. Create an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting.

    B. Create a DLP policy manager message action with encryption enabled and apply it to active DLP policies for outgoing mail.

    C. Create an encryption profile with [SECURE] in the Subject setting and enable encryption on the mail flow policy.

    D. Create an encryption profile and an outgoing content filter that includes \[SECURE\] within the Subject Header: Contains condition along with the Encrypt and Deliver Now action.

  • Question 9:

    An administrator needs to configure a Cisco ESA to verify that a specific mail server is authorized to send emails for a domain. To reduce overhead, the administrator does not want SSL type encryption or decryption to be used in this process. What must be configured on the Cisco ESA to meet this requirement?

    A. DomainKeys Identified Mail

    B. PKI signing keys

    C. Asymmetric keys

    D. Sender Policy Framework

  • Question 10:

    A network engineer is editing the default DMARC verification profile on a Cisco ESA and must ensure that the configured Message Action in the profile matches the policy in the DMARC record. What must be set to achieve this result?

    A. "Message Action when the Policy in DMARC Record is Reject" to Reject

    B. "Message Action when the Policy in DMARC Record is None" to Quarantine

    C. "Message Action when the Policy in DMARC Record is None" to No Action

    D. "Message Action when the Policy in DMARC Record is Reject" to Quarantine

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-720 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.