Cisco 300-720 Dumps

Configuring DomainKeys and DKIM Signing:

-Signing Keys

-Public Keys

-Domain Profiles

Creating Domain Profiles:

Step 1

-Choose Mail Policies > Signing Profiles.

Step 2

-In the Domain Signing Profiles section, click Add Profile.

If the assigned certificate under one of the IP interfaces is modified, then the HTTPS traffic when connecting to the web user interface of the Cisco Secure Email Gateway will be impacted. The administrator must ensure that the certificate is valid and trusted by the browser or client that is used to access the web user interface. Otherwise, the connection may fail or generate a warning message. References: [Cisco Secure Email Gateway Administrator Guide - Configuring Certificates]

one of the methods to enable Cisco SecureX integration on a Cisco Secure Email Gateway appliance is to use the Threat Response service1. This service allows the appliance to send telemetry data to the SecureX cloud and provide visibility and response capabilities across multiple security products1. To use this service, the administrator needs to perform the following steps1:

• Enable the Threat Response service: The administrator needs to go to Network > Cloud Service Settings and enable the Threat Response service. This will generate a registration token that can be used to register the appliance with SecureX1.
• Select the correct Threat Response Server: The administrator needs to select the appropriate Threat Response server based on the region where the appliance is located. The available regions are North America, Europe, and Asia Pacific1.

If you store user information within LDAP directories in your network infrastructure you can configure the appliance to query your LDAP servers to accept, route, and authenticate messages.

To encrypt SMTP with TLS on a Cisco Secure Email Gateway appliance when the sender requires TLS verification, the components that are required are an X.509 certificate and matching private key from a CA. The certificate must be signed by a trusted CA and contain the domain name or IP address of the listener in the Subject or Subject Alternative Name fields. The private key must be unencrypted and match the certificate. References: [Cisco Secure Email Gateway Administrator Guide - Configuring TLS]

• Public/Private keypair. A public/private keypair is a pair of cryptographic keys that are used to generate and verify digital signatures. The private key is used to sign the email message, while the public key is used to verify the signature. The public key is published in a DNS record, while the private key is stored on the Cisco Secure Email Gateway appliance[1, p. 2].
• Domain signing profile. A domain signing profile is a configuration that specifies the domain and selector to use for signing outgoing messages, as well as the signing algorithm, canonicalization method, and header fields to include in the signature. You can create multiple domain signing profiles for different domains or subdomains[1, p. 3].

The other options are not valid because:

• A. DMARC verification profile is not a component for utilizing a digital signature in outgoing emails. It is a component for verifying the authenticity of incoming emails based on SPF and DKIM results[2, p. 1].
• B. SPF record is not a component for utilizing a digital signature in outgoing emails. It is a component for validating the sender IP address of incoming emails based on a list of authorized IP addresses published in a DNS record[3, p. 1].
• E. PKI certificate is not a component for utilizing a digital signature in outgoing emails. It is a component for encrypting and decrypting email messages based on a certificate authority that issues and validates certificates[4, p. 1].

To meet the security policy of allowing visibility into what the URL is but not allowing the user to click it, the administrator must defang the URL. This means that the URL will be modified in a way that it is still readable by humans but not clickable by browsers. For example, could be defanged as hxxp://example[.]com.  References: [Cisco Secure Email Gateway Administrator Guide - Defanging URLs in Messages]

The maximum attachment size to scan is a configuration on the scan behavior that determines the maximum size of an attachment that Cisco ESA will scan for viruses and malware. If an attachment exceeds this size, Cisco ESA will apply the configured action for unscannable messages, such as deliver, drop, or quarantine.

To allow the attachment to be scanned on the Cisco ESA, this configuration must be updated to a larger value than the attachment size, which is 10 MB according to the message header.

The other options are not valid configurations to allow the attachment to be scanned on the Cisco ESA, because they do not affect the maximum attachment size to scan.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 7-3 and page 7-4.

Undesirable URL protection is a feature that allows Cisco ESA to detect and block messages that contain URLs that lead to malicious or unwanted websites, such as phishing, malware, or adult content sites. To enable this feature, outbreak filters and antispam scanning must be enabled on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-17.

According to the [Cisco Secure Email Encryption Service Add-In User Guide], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[2, p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain conditions, such as having [SECURE] in the subject header[2, p. 12]. This way, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

• A. Creating an encryption profile with [SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[2, p. 11].
• B. Creating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subject line or not[2, p. 12].
• D. Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.

Content filters are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.

The two primary components of content filters are:

• Conditions, which are the criteria that determine whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.
• Actions, which are the operations that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as deliver, drop, quarantine, encrypt, etc.

The other options are not primary components of content filters on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 8-3 and page 8-4.

Overview of Encrypting Communication with Other MTAs:

AsyncOS supports the STARTTLS extension to SMTP (Secure SMTP over TLS).

The TLS implementation in AsyncOS provides privacy through encryption.

Undesirable URL protection is a feature that allows Cisco ESA to detect and block messages that contain URLs that lead to malicious or unwanted websites, such as phishing, malware, or adult content sites. To enable this feature, outbreak filters and antispam scanning must be enabled on Cisco ESA.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-17.

Outbreak filters and antivirus are two features that can be applied to either incoming or outgoing mail policies on Cisco ESA. Outbreak filters allow Cisco ESA to detect and block messages that contain new or emerging email threats, such as viruses, worms, phishing, or spam, by using real-time updates from Talos intelligence. Antivirus allows Cisco ESA to scan messages for known viruses and malware using one or two antivirus engines (Sophos and McAfee).

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-16 and page 7-2.

With DomainKeys or DKIM email authentication, the sender signs the email using public key cryptography. Configuring DomainKeys and DKIM Signing A signing key is the private key stored on the appliance.

The Outbreak Filters feature uses three tactics to protect your users from outbreaks:

Delay.

Redirect.

Modify.

DLP (Data Loss Prevention) is a security service that is configured only through an outgoing mail policy on Cisco ESA. DLP allows Cisco ESA to scan outgoing messages for sensitive or confidential data, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as encrypt, quarantine, notify, etc., to prevent data leakage or loss.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-2.

Reference b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_01001.html

According to the Cisco Secure Email Threat Defense User Guide, the No Authentication option is only available if you are using a Cisco Secure Email Gateway (SEG) as your message source. This option allows visibility only, no remediation1.

The other options are not valid because:

• A. Basic Authentication is not a visibility and remediation mode for Cisco Secure Email Threat Defense. It is a method of authenticating users with a username and password2.
• C. Microsoft 365 Authentication is a visibility and remediation mode that allows you to use Microsoft 365 credentials to access Cisco Secure Email Threat Defense. It has two sub-options: Read/Write and Read. This mode is available for both Microsoft 365 and Gateway message sources1.
• D. Cisco Security Cloud Sign On is not a visibility and remediation mode for Cisco Secure Email Threat Defense. It is a service that manages user authentication for Cisco security products, including Cisco Secure Email Threat Defense3.

Condition is a component that must be added to the content filter to trigger on failed SPF Verification or DKIM Authentication verdicts. Condition is a criterion that determines whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.

To add a condition to the content filter that triggers on failed SPF Verification or DKIM Authentication verdicts, the administrator can follow these steps:

• Select Mail Policies > Content Filters and click Add Filter.
• Enter a name and description for the content filter.
• Under Conditions, click Add Condition.
• Choose SPF Verification or DKIM Authentication from the drop-down menu.
• Choose Fail from the drop-down menu.
• Click Submit.

The other options are not valid components to trigger on failed SPF Verification or DKIM Authentication verdicts, because they are not part of content filters.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.

 spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP1. This query is configured in the System Administration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI1. The other queries are not related to this task. The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login2. The spam quarantine external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager3. The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP2.

When CRES (Cisco Registered Envelope Service) is unavailable, Cisco ESA will requeue the message and attempt to resend it later, until the maximum number of retries or the maximum age of the message is reached. The message will not be sent in clear text, dropped, or encrypted by another appliance.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 12-8.

SenderBase Reputation Filtering is a feature that allows Cisco ESA to reject or throttle connections from email servers based on their reputation score, which is calculated by Talos using sensor information from various sources.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-2.

Configuring the outbound firewall rule to permit traffic on port 3237 is the additional action that resolves the issue. AMP file reputation is a feature that allows Cisco ESA to check files attached to messages against a cloud-based database of known malicious files and apply appropriate actions, such as block, deliver, or quarantine.

By default, AMP file reputation uses TCP port 3237 to communicate with the cloud-based database. If this port is blocked by a firewall, AMP file reputation will not work properly.

To resolve this issue, the administrator can configure the outbound firewall rule to permit traffic on port 3237 from Cisco ESA.

The other options are not valid actions to resolve the issue, because they do not affect the port used by AMP file reputation.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 7-5 and page 7-6.

The Outbreak Filters feature uses three tactics to protect your users from outbreaks:

Delay.

Redirect.

Modify.

 in the spam quarantine section, you can configure settings for access to the spam quarantine, and by default, HTTP uses port 82 and HTTPS uses port 83.

To enable File Reputation and File Analysis on the Cisco Secure Email Gateway appliance, the administrator must configure the appliance to use SSL for the connection to the File Reputation server. This will ensure that the communication between the appliance and the cloud service is secure and encrypted. The administrator must also upload a valid certificate from a trusted CA on the appliance for this purpose. The other options are not required or effective for this task. References: [Cisco Secure Email Gateway Administrator Guide - Configuring File Reputation and File Analysis]

To allow phishing simul-ations to bypass antispam scanning, the administrator must add two components to the allow list: domains and senders. Domains are the email domains that are used in the phishing simulations, such as example.com or test.com. Senders are the email addresses that are used to send the phishing simulations, such as phish@example.com or test@test.com. By adding these components to the allow list, the administrator can prevent them from being blocked by antispam scanning and allow them to reach the end users for testing purposes. References: [Cisco Secure Email Gateway Administrator Guide - Creating Allow Lists]

The SPF record for mycompany.com is shown in the exhibit as:

v=spf1 a mx ip4:199.209.31.21 -all

This means that the domain mycompany.com authorizes the following sources to send email on its behalf:

• The A record of mycompany.com, which resolves to 199.209.31.21
• The MX record of mycompany.com, which points to mail.mycompany.com, which also resolves to 199.209.31.21
• The IP address 199.209.31.21
• The -all qualifier means that any other source is not authorized and should be rejected.

Therefore, the correct answer is C.

References:

SPF Record Syntax

Define your SPF record—Basic setup

When CRES (Cisco Registered Envelope Service) is unavailable, Cisco ESA will requeue the message and attempt to resend it later, until the maximum number of retries or the maximum age of the message is reached. The message will not be sent in clear text, dropped, or encrypted by another appliance.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 12-8.

spf-status is the section of the filter that must be modified to correct this behavior. spf-status is a condition that determines whether a message matches the content filter rule based on the result of SPF verification, such as pass, fail, neutral, etc.

The content filter in the exhibit has a spf-status condition set to “Pass”, which means that it will match messages that passed SPF verification and apply the action of “Quarantine”. This is the opposite of what the network engineer intended to do.

To correct this behavior, the network engineer can modify the spf-status condition to “Fail”, which means that it will match messages that failed SPF verification and apply the action of “Quarantine”.

The other options are not valid sections of the filter that must be modified to correct this behavior, because they do not affect the spf-status condition.

References: [User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway], page 8-3 and page 8-4.

The safelist is a list of email addresses or domains that are considered legitimate and trustworthy by Cisco ESA. When an email is received from a sender on the safelist, Cisco ESA skips antispam scanning for that message and delivers it to the recipient without any spam filtering.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-13.

To allow the Cisco ESA to encrypt an email using the CRES (Cisco Registered Envelope Service), a provisioned email encryption profile must be configured on Cisco ESA. A provisioned email encryption profile is a type of encryption profile that specifies how messages are encrypted using CRES, such as the encryption key strength, the notification options, the branding settings, etc.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 12-4.

The altsrchost command enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way. This command allows you to specify an alternate source host for messages that match a message filter. You can use this command to route messages to different virtual gateways based on the message content or attributes.

References: Securing Email with Cisco Email Security Appliance (SESA) v3.1, Module 5: Using Message Filters to Enforce Email Policies, Lesson 1: Using Message Filters

When Cisco ESA is configured to perform antivirus scanning, the default timeout value is 60 seconds, which means that Cisco ESA will wait for 60 seconds for the antivirus engine to scan a message before applying the configured action for unscannable messages, such as deliver, drop, or quarantine.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 7-3.

Spam threshold is a setting that determines the minimum score that a message must have to be classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-5.

The default port to deliver emails from the Cisco ESA to the Cisco SMA using the centralized Spam Quarantine is 6025. This is the default value for the Port setting in the External Spam Quarantine configuration on Cisco ESA. This port must be open on both Cisco ESA and Cisco SMA for the communication to work.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-4.

Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP server to validate the end-user credentials during login to the End-User Quarantine.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-9.

Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP server to validate the end-user credentials during login to the End-User Quarantine.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-9.

To enable LDAP recipient verification on a Cisco Secure Email Gateway appliance, you need to configure the LDAP query on a listener and configure LDAP server profiles. The LDAP query specifies the criteria for matching recipient addresses against an LDAP directory. The LDAP server profile defines the connection settings and authentication credentials for accessing an LDAP server2. References = User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Configuring LDAP Queries [Cisco Secure Email Gateway] - Cisco