300-720 Exam Details

  • Exam Code
    :300-720
  • Exam Name
    :Securing Email with Cisco Email Security Appliance (SESA)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :248 Q&As
  • Last Updated
    :Jul 11, 2026

Cisco 300-720 Online Questions & Answers

  • Question 131:

    Refer to the exhibit.

    A network engineer must set up a content filter to find any messages that failed SPF and send them into quarantine. The content filter has been set up and enabled, but all messages except those that have failed SPF are being sent into quarantine. Which section of the filter must be modified to correct this behavior?

    A. log-entry
    B. quarantine
    C. spf-status
    D. skip-filters

  • Question 132:

    Refer to the exhibit.

    An engineer needs to change the existing Forged Email Detection message filter so that it references a newly created dictionary named `Executives'. What should be done to accomplish this task?

    A. Change "from" to "Executives".
    B. Change "TEST" to "Executives".
    C. Change "fed" to "Executives".
    D. Change "support" to "Executives".

  • Question 133:

    DRAG DROP

    An Encryption Profile has been set up on the Cisco ESA.

    Drag and drop the steps from the left for creating an outgoing content filter to encrypt emails that contains the subject "Secure:" into the correct order on the right.

    Select and Place:

  • Question 134:

    An email containing a URL passes through the Cisco ESA that has content filtering disabled for all mail policies. The sender is [email protected], the recipients are [email protected], [email protected], [email protected], and [email protected]. The subject of the email is Test Document395898847. An administrator wants to add a policy to ensure that the Cisco ESA evaluates the web reputation score before permitting this email.

    Which two criteria must be used by the administrator to achieve this? (Choose two.)

    A. Subject contains "TestDocument"
    B. Sender matches test1.com
    C. Email body contains a URL
    D. Date and time of email

  • Question 135:

    An administrator needs to configure a Cisco ESA to verify that a specific mail server is authorized to send emails for a domain. To reduce overhead, the administrator does not want SSL type encryption or decryption to be used in this process. What must be configured on the Cisco ESA to meet this requirement?

    A. DomainKeys Identified Mail
    B. PKI signing keys
    C. Asymmetric keys
    D. Sender Policy Framework

  • Question 136:

    Which two certificate authority lists are available in Cisco ESA? (Choose two.)

    A. default
    B. system
    C. user
    D. custom
    E. demo

  • Question 137:

    An organization is enforcing TLS with an external party. The external business employs its own internal CA so the Secure Email Gateway cannot verify the TLS connection.

    Which action must an engineer take for the Cisco Secure Email Gateway to trust the connection?

    A. Modify Destination Controls and set TLS Support to Required for all external and internal destinations.
    B. Enable a custom list on the Network > Certificates page and upload the certificates for the trusted authorities.
    C. Edit Destination Controls and add the external party domain to the Destination Control Table as trusted.
    D. Choose Add Certificate on the Network > Certificates page and create a self-signed certificate.

  • Question 138:

    A remote financial institution is implementing email encryption. It is required that all inbound emails use SMTP over TLS. What must be done to accomplish this?

    A. Disable TLS certificates.
    B. Utilize Cisco Registered Envelope Service.
    C. Leverage Cisco Talos Threat Intelligence Group.
    D. Enable Application Inspection and Control for SMTP.

  • Question 139:

    What is the default primary email attribute used in a spam quarantine end-user authentication query when using LDAP authentication to an Active Directory server?

    A. userAccount
    B. mailLocalAddress
    C. sAMAccountName
    D. proxyAddresses

  • Question 140:

    What is the default method of remotely accessing a newly deployed Cisco Secure Email Virtual Gateway when a DHCP server is not available?

    A. DHCP is required for the initial IP address assignment.
    B. Use the IP address of 192.168.42.42 via the Management port.
    C. Manual configuration of an IP address is required through the serial port before remote access.
    D. Manual configuration of an IP address is required through the hypervisor console before remote access.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-720 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.