Cisco CCNP 300-720 Questions & Answers

• Question 131:

  A Cisco ESA administrator must provide outbound email authenticity and configures a DKIM signing profile to handle this task. What is the next step to allow this organization to use DKIM for their outbound email?

  A. Configure the Trusted Sender Group message authenticity policy.

  B. Export the DNS TXT record to provide to the DNS registrar.

  C. Import the DNS record of the service provider into the Cisco ESA.

  D. Enable the DKIM service checker.

  Correct Answer: C

• Question 132:

  An engineer must limit responses from the gateway that are directed to invalid email addresses. How should the LDAP server be configured to accomplish this goal?

  A. Validate the sender email address via an LDAP query during the SMTP conversation.

  B. Validate the sender email address via SMTP Call-Ahead to query an external SMTP server.

  C. Limit the number of invalid recipients per sender to stop responses after crossing the threshold.

  D. Limit the number of invalid responses per recipient to stop responses after crossing the threshold.

  Correct Answer: D

• Question 133:

  The Cisco ESA is processing many messages that are sent to invalid recipients. To reduce this excessive processing, an engineer is preparing to use LDAP for recipient verification. Which two steps are required to accomplish this task? (Choose two.)

  A. Configure LDAP server profiles.

  B. Enable external LDAP authentication.

  C. Configure the LDAP query.

  D. Enable LDAP authentication on a listener.

  E. Configure incoming mail policy to query LDAP server.

  Correct Answer: AE

• Question 134:

  Which components are required when encrypting SMTP with TLS on Cisco ESA when the sender requires TLS verification?

  A. self-signed certificate in PKCS#7 format

  B. X.509 certificate and matching private key from a CA

  C. self-signed certificate in PKCS#12 format

  D. DER certificate and matching public key from a CA

  Correct Answer: B

• Question 135:

  What is the default primary email attribute used in a spam quarantine end-user authentication query when using LDAP authentication to an Active Directory server?

  A. userAccount

  B. mailLocalAddress

  C. sAMAccountName

  D. proxyAddresses

  Correct Answer: B

• Question 136:

  DRAG DROP

  Drag and drop the steps to configure Cisco ESA to use SPF/SIDF verification from the left into the correct order on the right.

  Select and Place:

  

  Correct Answer:

  

• Question 137:

  DRAG DROP

  An Encryption Profile has been set up on the Cisco ESA.

  Drag and drop the steps from the left for creating an outgoing content filter to encrypt emails that contains the subject "Secure:" into the correct order on the right.

  Select and Place:

  

  Correct Answer:

  

  Reference: https://community.cisco.com/t5/email-security/keyword-in-subject-line-to-encrypt-message/td-p/2441383

• Question 138:

  DRAG DROP

  Drag and drop the Cisco ESA reactions to a possible DLP from the left onto the correct action types on the right.

  Select and Place:

  

  Correct Answer:

  

  Reference:

  https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html (message actions)

• Question 139:

  DRAG DROP

  Drag and drop the AsyncOS methods for performing DMARC verification from the left into the correct order on the right.

  Select and Place:

  

  Correct Answer:

  

  Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_11_1_chapter_010101.html

• Question 140:

  DRAG DROP

  An administrator must ensure that emails sent from [email protected] are routed through an alternate virtual gateway. Drag and drop the snippet from the bottom onto the blank in the graphic to finish the message filter syntax. Not all snippets are used.

  Select and Place:

  

  Correct Answer: