Free Cisco 300-720 Practice Exam with Questions & Answers | Set: 3

When DKIM (DomainKeys Identified Mail) signing is configured on Cisco ESA, the DNS record that must be updated to load the DKIM public signing key is the TXT record. The TXT record is used to store arbitrary text information in the DNS, such as the DKIM public key, which can be retrieved by the recipients to verify the DKIM signature in the message header.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 11-3.

A content dictionary is a list of words or phrases that can be used to match against message content in Cisco ESA. For Forged Email Detection, a content dictionary can be used to specify the display names of internal senders that should not appear in the From header of external messages. The display name is usually the name of the sender as it appears in the email client, such as Alpha Beta. Therefore, the entry that will be added into the dictionary for this purpose is Alpha Beta.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-8.

Outbreak Filters can take the action of rewriting URLs to redirect traffic to potentially harmful websites through a web security proxy. This allows the Cisco Secure Email Gateway to scan the content of the websites and block or warn the user if they are malicious or undesirable. This action can stop small-scale and nonviral attacks, such as phishing scams and malware distribution sites, that may not be detected by other filters. References: [Cisco Secure Email Gateway Administrator Guide - Configuring Outbreak Filters]

By modifying the mail policies, specifically the recipient matching criteria, you can ensure that email recipients do not match multiple policies simultaneously. When recipients in the email message belong to different domains (e.g., cisco.com and test.com), it can result in multiple policies being triggered simultaneously, leading to inconsistent delivery of emails with attachments.

DLP is for outgoing mail only and not relevant to incoming mail.

The type of attack that is prevented by configuring file reputation filtering and file analysis features is zero-day. Zero-day attacks are those that exploit unknown vulnerabilities in software or systems before they are patched or fixed. File reputation filtering and file analysis features help to protect against zero-day attacks by checking the reputation of files attached to email messages and sending them to a cloud-based service for dynamic analysis.

References: Securing Email with Cisco Email Security Appliance (SESA) v3.1, Module 9: Using Advanced Malware Protection, Lesson 1: Configuring File Reputation Filtering and File Analysis

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2240.pdf

Spam threshold is a setting that determines the minimum score that a message must have to be classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.

References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 6-5.