Cisco 300-720 - Securing Email with Cisco Email Security Appliance (300-720 SESA)

According to the [Cisco Secure Email User Guide], Non-Viral threat detection is a feature of Outbreak Filters that detects a nd blocks email messages that contain non-viral threats such as phishing, fraud, or social engineering[ 1 , p. 25]. To use this feature, you need to enable either AntiSpam or Intelligent Multi-Scan on your Cisco Secure Email Gateway, as these features provid e the necessary scanning and filtering capabilities for Non-Viral threat detection[ 1 , p. 26].

The other options are not valid because:

A. Non-Viral threat detection does not require Antivirus or AMP enablement to properly function. Antivirus and AMP are features that detect and block email messages that contain viral threats such as malware or ransomware[ 1 , p. 27-28].

B. The Outbreak Filters option Graymail Header does not affect Non-Viral threat detection. Graymail Header is an option that allows you to add a header to email messages that are classified as graymail, which are messages that are not spam but may be unwanted by some recipients, such as newsletters or promotions[ 1 , p. 25].

D. The Outbreak Filters option URL Rewriting does not affect Non-Viral threat detection. URL Rewriting is an option that allows you to rewrite the URLs in email messages to point to a Cisco proxy server, which can scan the URLs for malicious content and redirect the users to a warning page if needed[ 1 , p. 25].

A regular expression is a sequence of characters that defines a search pattern for text. To match a string of 123ABCDEFGHJ, you need to use the following regular expression: \d{3}[A-Z]{9}. This expression means that the string must start with three digits (\d{3}), followed by nine uppercase letters ([A-Z] {9}). This expression will match any string that has the sam e format as 123ABCDEFGHJ. References =  User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Regular Expressions [Cisco Secure Email Gateway] - Cisco

Data Loss Prevention (DLP) is an outgoing mail policy feature that should be configured to catch this content before it leaves the network. DLP allows Cisco ESA to scan outgoing messages for sensitive or confidential data, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as encrypt, quarantine, notify, etc., to prevent data leakage or loss.

The other options are not valid outgoing mail policy features to catch this content before it leaves the network, because they do not scan for sensitive or confidential data in messages.

To combat backscatter, which is a type of spam that consists of bounce messages sent to forged sender addresses, the administrator must enable the Bounce Verification feature under Security Settings. This feature allows the appliance to verify whether a bounce message is legitimate or not by checking if the original message was sent from the appliance. If not, the bounce message is considered as backscatter and can be dropped or quarantined.  References : [Cisco Secure Email Gateway Administrator Guide - Configuring Bounce Verification]

The allow list is a feature that allows Cisco ESA to accept messages from specific email addresses or domains, regardless of their sender-based reputation score or other reputation filters.

To allow inbound email from that specific domain, the administrator should add the domain into the allow list on Cisco ESA, which can be done from the web user interface by selecting Security Services > Safelist/Blocklist and clicking Add Entry.

The other options are not valid solutions to allow inbound email from that specific domain, because they do not affect the sender-based reputation score or the reputation filters on Cisco ESA.

The correct order of commands to set filter 2 to active on the CLI of Cisco ESA is:

filters, which enters the message filter mode.

set, which sets the status of one or more message filters.

2, which specifies the message filter number.

1, which sets the status of message filter 2 to active.

The other options are not valid orders of commands to set filter 2 to active on the CLI of Cisco ESA, because they use incorrect commands or parameters.