300-720 Cisco Securing Email with Cisco Email Security Appliance (300-720 SESA) Free Practice Exam Questions (2026 Updated)

The type of attack that is prevented by configuring file reputation filtering and file analysis features is zero-day. Zero-day attacks are those that exploit unknown vulnerabilities in software or systems before they are patched or fixed. File reputation filtering and file analysis features help to protect against zero-day attacks by checking the reputation of files attached to email messages and sending them to a cloud-based service for dynamic analysis.

 spam quarantine end-user authentication query is used to validate non administrative user access to the end-user quarantine via LDAP 1 .  This query is configured in the System Admini stration > LDAP > LDAP Server Profile page and can be tested using the smtproutes command in the CLI 1 . The other queries are not related to this task.  The spam quarantine alias consolidation query is used to consolidate multiple email addresses for a user into one login 2 .  The spam quarantin e external authorization query is used to authorize users to access an external spam quarantine on a separate Cisco Secure Email and Web Manager 3 .  The local mailbox (IMAP/POP) authentication is an alternative method to authenticate users without using LDAP 2 .

To combat backscatter, which is a type of spam that consists of bounce messages sent to forged sender addresses, the administrator must enable the Bounce Verification feature under Security Settings. This feature allows the appliance to verify whether a bounce message is legitimate or not by checking if the original message was sent from the appliance. If not, the bounce message is considered as backscatter and can be dropped or quarantined.  References : [Cisco Secure Email Gateway Administrator Guide - Configuring Bounce Verification]

According to the [Cisco Secure Email Encryption Service Add-In User Guid e], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[ 2 , p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain condition s, such as having [SECURE] in the subject header[ 2 , p. 12]. This wa y, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

A. Creating an encryption profile with [ SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[ 2 , p. 11].

B. Cre ating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subjec t line or not[ 2 , p. 12].

D. Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.

The default method of remotely accessing a newly deployed Cisco Secure Email Virtual Gateway when a DHC P server is not available is to use the IP address of 192.168.42.42 via the Management port. This IP address is assigned by default to the Management port of the virtual gateway and can be used to access the web user interface or the command-line interface of the appliance.  References : [Cisco Secure Email Gateway Installation and Upgrade Guide - Configuring Network Settings]

A regular expression is a sequence of characters that defines a search pattern for text. To match a string of 123ABCDEFGHJ, you need to use the following regular expression: \d{3}[A-Z]{9}. This expression means that the string must start with three digits (\d{3}), followed by nine uppercase letters ([A-Z] {9}). This expression will match any string that has the sam e format as 123ABCDEFGHJ. References =  User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (General Deployment) - Regular Expressions [Cisco Secure Email Gateway] - Cisco

Accept is the action that must be set for messages that result in temporary failure to prevent these emails from being rejected. Accept allows Cisco ESA to deliver the messages without applying any DMARC actions or modifications.

To configure the accept action for messages that result in temporary failure on Cisco ESA, the administrator can follow these steps:

Select Mail Policies > DMARC Verification Profile and click Edit Settings for the DMARC verification profile that applies to the messages.

Under DMARC Actions, select Accept from the drop-down menu for Messages That Result in Temporary Failure.

Click Submit.

The other options are not valid actions for messages that result in temporary failure to prevent these emails from being rejected, because they either apply DMARC actions or modifications or do nothing.

If you are unable to access the user interface of the Cisco Secure Email Gateway appliance after manipulating the subnet mask, you can use the serial or console port to perform the initial configuration.  The serial or console port provides a command-line interface that allows you to configure basic network settings such as IP address, subnet mask, gateway, and hostname 3 . References =  User Guide for AsyncOS 12.0 for Cisco Email Security Appli ances - GD (General Deployment) - Configuring Network Settings [Cisco Secure Email Gateway] - Cisco

STARTTLS is an SMTP extension that allows email servers to negotiate a secure connection using TLS or SSL encryption. Cisco ESA supports STARTTLS for both inbound and outbound email delivery.

The maximum attachment size to scan is a configuration on the scan behavior that determines the maximum size of an attachment that Cisco ESA will scan for viruses and malware. If an attachment exceeds this size, Cisco ESA will apply the configured action for unscannable messages, such as deliver, drop, or quarantine.

To allow the attachment to be scanned on the Cisco ESA, this configuration must be updated to a larger value than the attachment size, which is 10 MB according to the message header.

The other options are not valid configurations to allow the attachment to be scanned on the Cisco ESA, because they do not affect the maximum attachment size to scan.

Enabling End-User Quarantine Access and pointing to an LDAP server for authentication is the action that must be taken to meet this requirement. End-User Quarantine Access is a feature that allows users to access their personal quarantine on Cisco ESA using their email address and password, without requiring an administrator account or access to Secure Email and Web Manager.

To enable End-User Quarantine Access on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam > End User Safelist/Blocklist Settings and click Edit Settings.

Under End User Quarantine Access, select Enable End User Quarantine Access.

Under Authentication Server, select LDAP Server from the drop-down menu and choose an LDAP server profile from the drop-down menu.

Click Submit.

Spam threshold is a setting that determines the minimum score that a message must have to be classified as spam by Cisco ESA. The lower the threshold, the more aggressive the spam detection is.

The altsrchost command enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way. This command allows you to specify an alternate source host for messages that match a message filter. You can use this command to route messages to different virtual gateways based on the message content or attributes.

A DMARC verification profile is a list of parameters that the mail flow policies of the appliance use for verifying DMARC. The name of the verification profile identifies the profile and allows you to apply it to different mail flow policies. The message action to take when the policy is reject/quarantine determines how the appliance handles messages that fail DMARC verification based on the sender’s DMARC policy.

Content filter is a component on a Cisco Secure Email Gateway that must be configured to catch attachments, including credit card numbers, and hold them for review until further action is taken. Content filter allows you to define rules based on message content and apply actions such as quarantine, encrypt, or modify. References = [User Guide for AsyncOS 12.0 for Cisco Email Security Appliances - GD (Gene ral Deployment) - Content Filters [Cisco Secure Email Gateway] - Cisco]

According to the  User Guide for Cisco Secure Email Encryption Service Add-In 1 , the ‘Use-Script’ option allows you to use JavaScript in the encrypted message envelope. This option is enabled by default, but you can disable it if you want to send encrypted messages to recipients who have security policies that block JavaScript attachments[ 2 , p. 14].

The other options are not valid because:

A.  Inserting the X-PostX-Use-Script header with a value of false to the encrypted messages is not a supported feature of the Cisco Secure Email Encryption Service Add-in 1 .

B. Selecting JavaScript-free option within the Cisco Secure Email Encryption Service Add-in is not a valid option.  The add-in does not have such an option 1 .

C. Creating an outgoing conte nt filter and adding the Encrypt and Deliver Nov/ action with Use-Script option deselected is not possible. The Encrypt and Deliver Nov/ action does not have a Use-Script option[ 2 , p. 13].