Pass the Cisco CCNP Security 300-720 Questions and answers with Dumpstech

Geolocation-based filtering and senderbase reputation filtering are two features of Cisco Email Security that can be added to a Sender Group to protect an organization against email threats. Geolocation-based filtering allows Cisco ESA to accept or reject connections from email servers based on their geographic location, such as country or continent. Senderbase reputation filtering allows Cisco ESA to reject or throttle connections from email servers based on their reputation score, which is calculated by Talos using sensor information from various sources.

A DMARC verification profile is a list of parameters that the mail flow policies of the appliance use for verifying DMARC. The name of the verification profile identifies the profile and allows you to apply it to different mail flow policies. The message action to take when the policy is reject/quarantine determines how the appliance handles messages that fail DMARC verification based on the sender’s DMARC policy.

To perform DLP scanning on Cisco ESA, two components must be configured:

Add a DLP policy to the DLP Policy Manager, which is a repository of predefined or custom DLP policies that specify what types of data to scan for and what actions to take if a match is found.

Enable a DLP policy on the Outgoing Mail Policy, which is a set of rules that determine how outgoing messages are processed by Cisco ESA, including whether to apply DLP scanning or not.

Non-final actions are actions that do not terminate the message filter evaluation, such as adding headers, setting variables, logging, etc. Final actions are actions that end the message filter evaluation and determine the fate of the message, such as accept, drop, bounce, quarantine, etc.

To combat backscatter, which is a type of spam that consists of bounce messages sent to forged sender addresses, the administrator must enable the Bounce Verification feature under Security Settings. This feature allows the appliance to verify whether a bounce message is legitimate or not by checking if the original message was sent from the appliance. If not, the bounce message is considered as backscatter and can be dropped or quarantined.  References : [Cisco Secure Email Gateway Administrator Guide - Configuring Bounce Verification]

A TXT record is a type of DNS record that contains arbitrary text data that can be used for various purposes such as verification, configuration, or authentication. A TXT record can contain the DKIM public key per RFC 6376, which is used to verify the digital signature of an email message generated by the DKIM private key of the sender domain.

The other options are not valid because:

A. A CNAME record is a type of DNS record that maps an alias name to a canonical name or another alias name. It does not contain any DKIM public key information.

B. An AAAA record is a type of DNS record that maps a hostname to an IPv6 address. It does not contain any DKIM public key information.

D. A PTR record is a type of DNS record that maps an IP address to a hostname, which is the reverse of an A or AAAA record. It does not contain any DKIM public key information.

A filter is a method that enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way. A filter is a rule that allows Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.

To deliver a flagged message to a specific virtual gateway address using a filter, the engineer can create a content filter or message filter that matches the flag condition and applies an action of “deliver via alternate host” with the virtual gateway address as the parameter.

The other options are not methods that enable an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way, because they have more limitations or requirements than using a filter.