300-720 Exam Details

  • Exam Code
    :300-720
  • Exam Name
    :Securing Email with Cisco Email Security Appliance (SESA)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :248 Q&As
  • Last Updated
    :Jul 11, 2026

Cisco 300-720 Online Questions & Answers

  • Question 31:

    A list of company executives is routinely being spoofed, which puts the company at risk of malicious email attacks. An administrator must ensure that executive messages are originating from legitimate sending addresses. Which two steps must be taken to accomplish this task? (Choose two.)

    A. Create an incoming content filter with SPF detection.
    B. Create a content dictionary including a list of the names that are being spoofed.
    C. Enable the Forged Email Detection feature under Security Settings.
    D. Enable DMARC feature under Mail Policies.
    E. Create an incoming content filter with the Forged Email Detection condition.

  • Question 32:

    Which method enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way?

    A. Set up the interface group with the flag.
    B. Issue the altsrchost command.
    C. Map the envelope sender address to the host.
    D. Apply a filter on the message.

  • Question 33:

    A content dictionary was created for use with Forged Email Detection. Proper data that pertains to the CEO "Example CEO" must be entered. What must be added to the dictionary to accomplish this goal?

    A. ceo
    B. Example CEO
    C. [email protected]
    D. example.com

  • Question 34:

    An engineer must limit responses from the gateway that are directed to invalid email addresses. How should the LDAP server be configured to accomplish this goal?

    A. Validate the sender email address via an LDAP query during the SMTP conversation.
    B. Validate the sender email address via SMTP Call-Ahead to query an external SMTP server.
    C. Limit the number of invalid recipients per sender to stop responses after crossing the threshold.
    D. Limit the number of invalid responses per recipient to stop responses after crossing the threshold.

  • Question 35:

    DRAG DROP

    Drag and drop the SMTP Call-Ahead Server Profile Settings from the left onto the descriptions on the right.

    Select and Place:

  • Question 36:

    An engineer is testing mail flow on a new Cisco ESA and notices that messages for domain abc.com are stuck in the delivery queue. Upon further investigation, the engineer notices that the messages pending delivery are destined for 192.168.1.11, when they should instead be routed to 192.168.1.10.

    What configuration change needed to address this issue?

    A. Add an address list for domain abc.com.
    B. Modify Destination Controls entry for the domain abc.com.
    C. Modify the SMTP route for the domain and change the IP address to 192.168.1.10.
    D. Modify the Routing Tables and add a route for IP address to 192.168.1.10.

  • Question 37:

    What is the function of authenticating SMTP sessions using client certificates?

    A. The Secure Email Gateway requests a client certificate from a user's mail client during connection to the appliance.
    B. If the Secure Email Gateway is configured to require users to provide a certificate when sending mail, no exceptions are allowed for any users.
    C. Users must configure a mail client to send messages through a secure SSL connection and accept a server certificate from the appliance.
    D. If the certificate is valid, the Secure Email Gateway allows an SMTP connection from the mail client over TLS.

  • Question 38:

    A Cisco ESA administrator has noticed that new messages being sent to the Centralized Policy Quarantine are being released after one hour. Previously, they were being held for a day before being released.

    What was configured that caused this to occur?

    A. The retention period was changed to one hour.
    B. The threshold settings were set to override the clock settings.
    C. The retention period was set to default.
    D. The threshold settings were set to default.

  • Question 39:

    An organization wants to use its existing Cisco ESA to host a new domain and enforce a separate corporate policy for that domain. What should be done on the Cisco ESA to achieve this?

    A. Use the smtproutes command to configure a SMTP route for the new domain.
    B. Use the deliveryconfig command to configure mail delivery for the new domain.
    C. Use the dsestconf command to add a separate destination for the new domain.
    D. Use the altrchost command to add a separate gateway for the new domain.

  • Question 40:

    Which two components must be configured to perform DLP scanning? (Choose two.)

    A. Add a DLP policy on the Incoming Mail Policy.
    B. Add a DLP policy to the DLP Policy Manager.
    C. Enable a DLP policy on the Outgoing Mail Policy.
    D. Enable a DLP policy on the DLP Policy Customizations.
    E. Add a DLP policy to the Outgoing Content Filter.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-720 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.