Cisco CCNP Security 300-720 Questions & Answers

• Question 31:

  A Cisco ESA administrator recently enabled the Outbreak Filters Global Service Setting to detect Viral as well as Non-Viral threat detection, with no detection of Non-Viral threats after 24 hours of monitoring Outbreak Filters. What is the reason that Non-Viral threat detection is not detecting any positive verdicts?

  A. The Outbreak Filters option Graymail Header must be enabled.

  B. The Outbreak Filters option URL Rewriting must be enabled.

  C. Non-Viral threat detection requires AntiSpam or Intelligent Multi-Scan enablement to properly function.

  D. Non-Viral threat detection requires AntiVirus or AMP enablement to properly function.

  Correct Answer: C

• Question 32:

  A network administrator has enabled virus scanning with the Sophos antivirus engine and set the "drop infected mail" option on a Cisco ESA; however, end users are still complaining about the large number of phishing emails they receive. What must be done to resolve this problem?

  A. Configure Reputation Filtering

  B. Configure Content Filtering

  C. Configure Outbreak Filtering

  D. Change the antivirus engine to McAfee.

  Correct Answer: B

• Question 33:

  A network administrator enabled McAfee antivirus scanning on a Cisco ESA and configured the virus scanning action of "scan for viruses only." If the scanner finds a virus in an attachment for an incoming email, what action will be applied to this message?

  A. The attachment is dropped and replaced with a "Removed Attachment" file.

  B. The email and attachment are forwarded to the network administrator.

  C. The system will attempt to repair the attachment.

  D. No repair is attempted, and the attachment is either dropped or delivered.

  Correct Answer: D

• Question 34:

  Refer to the exhibit.

  

  For improved security, an administrator wants to warn users about opening any links or attachments within an email. How must the administrator configure an HTML-coded message at the top of an email body to create this warning?

  A. Create a text resource type of Notification Template, change to code view to paste the HTML code into the text box, then use this text resource inside a content filter.

  B. Create a text resource type of Disclaimer Template, change to code view to paste the HTML code into the text box, then use this text resource inside a content filter.

  C. Create a text resource type of Disclaimer Template, past the HTML code into the text box, then use this text resource inside a content filter.

  D. Create a text resource type of Notification Template, past the HTML code into the text box, then use this text resource inside a content filter.

  Correct Answer: B

• Question 35:

  A list of company executives is routinely being spoofed, which puts the company at risk of malicious email attacks. An administrator must ensure that executive messages are originating from legitimate sending addresses. Which two steps must be taken to accomplish this task? (Choose two.)

  A. Create an incoming content filter with SPF detection.

  B. Create a content dictionary including a list of the names that are being spoofed.

  C. Enable the Forged Email Detection feature under Security Settings.

  D. Enable DMARC feature under Mail Policies.

  E. Create an incoming content filter with the Forged Email Detection condition.

  Correct Answer: AD

• Question 36:

  An engineer is tasked with creating a content filter to catch attachments, including credit card numbers, and hold them for review until further action is taken. Which component on a Cisco ESA must be configured to meet this requirement?

  A. Spam Quarantine

  B. Outbreak Filter

  C. Policy Quarantine

  D. Content Filter

  Correct Answer: D

• Question 37:

  What is a benefit of deploying Cisco SMA?

  A. centralized management of logs for Cisco ESA appliances

  B. centralized management of botnet directories

  C. centralized management of software updates for Cisco ESA appliances

  D. centralized management of quarantined email

  Correct Answer: C

• Question 38:

  An engineer tries to implement phishing simulations to test end users, but they are being blocked by the Cisco ESA. Which two components, when added to the allow list, allow these simulations to bypass antispam scanning? (Choose two.)

  A. receivers

  B. domains

  C. reputation score

  D. spf check

  E. senders

  Correct Answer: CE

• Question 39:

  An administrator needs to configure a Cisco ESA to block specific domains based on their reputation. Which service within the Cisco ESA should be utilized to accomplish this task?

  A. Receiving SMTP Policy

  B. Data Loss Prevention

  C. Anti-Virus

  D. Sender Group

  Correct Answer: A

• Question 40:

  An administrator notices that the Cisco ESA delivery queue is consistently full. After further investigation, it is determined that the IP addresses currently in use by the Cisco ESA are being rate-limited by some destinations. The administrator creates a new interface with an additional IP address using virtual gateway technology, but the issue is not solved. Which configuration change resolves the issue?

  A. Use the CLI command alt-src-host to set the new interface as a possible delivery candidate.

  B. Use the CLI command loadbalance auto to enable mail delivery over all interfaces.

  C. Use the CLI command deliveryconfig to set the new interface as the primary interface for mail delivery.

  D. Use the CLI command altsrchost to set the new interface as the source IP address for all mail.

  Correct Answer: B