300-720 Cisco Securing Email with Cisco Email Security Appliance (300-720 SESA) Free Practice Exam Questions (2026 Updated)

Step 1: Select Microsoft O365 as the message source.

Step 2: Set the Microsoft 365 Authentication to Read (visibility only, no remediation).

Step 3: Log in with a Microsoft 365 Global Admin account.

Step 4: Accept the permissions requested for the Secure Email Threat Defense app.

The content filter condition that checks to see if the “From: header” in the message is similar to any of the users in the content dictionary is Forged Email Detection. This condition compares the sender’s name or email address with a list of names or email addresses in a content dictionary and triggers an action if they match or are similar.  References : [Cisco Secure Email Gateway Administrator Guide - Forged Email Detection]

Enabling regional scanning improves security for this organization when most of the received email originates from a specific region. Regional scanning is a feature that allows Cisco ESA to apply different spam thresholds and actions based on the geographic region of the sender’s IP address, using a database of IP addresses and regions.

To enable regional scanning on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam and click Edit Settings.

Under Regional Scanning, select Enable Regional Scanning.

Click Submit.

Select Security Services > IronPort Anti-Spam > Regional Settings and click Add Region.

Choose a region from the drop-down menu, such as Asia Pacific.

Enter a spam threshold and an action for that region, such as 80 and Drop.

Click Submit.

A policy quarantine is a type of quarantine that allows Cisco ESA to store messages that match certain criteria, such as virus, spam, or DLP verdicts, for further review or release by an administrator or an end user.

A scenario that prevents a message from being sent to the quarantine as an action in the scan behavior on Cisco ESA is when a policy quarantine is missing, which means that no policy quarantine has been created or enabled on Cisco ESA.

The other options do not prevent a message from being sent to the quarantine as an action in the scan behavior on Cisco ESA.

A content filter action is an operation that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as headers, envelope, body, attachments, etc.

Quarantine is a valid content filter action that allows Cisco ESA to store the message in a quarantine area for further review or release by an administrator or an end user.

The other options are not valid content filter actions on Cisco ESA.

Determining Which Interface is Used for Mail Delivery Unless you specify the output interface via the deliveryconfig < /code > command or via a message filter ( alt-src-host ), or through the use of a virtual gateway, the output interface is selected by the AsyncOS routing table. https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_0110 01.html?bookSearch=true

The maximum message size that can be configured for encryption on the Cisco ESA is 25 MB. This is the default value for the Maximum Message Size for Encryption setting in the Encryption Profile. Messages that exceed this size will not be encrypted and will be delivered as normal.

Message-filter order and MIME structure of the message are two factors that must be considered when message filter processing is configured on Cisco ESA. Message-filter order determines the sequence in which message filters are evaluated and applied to incoming messages, which can affect the final outcome of the filtering process. MIME structure of the message determines how message filters match against different parts of the message, such as headers, body, attachments, etc., which can affect the accuracy and performance of the filtering process.

SenderBase Reputation Filtering is a feature that allows Cisco ESA to reject or throttle connections from email servers based on their reputation score, which is calculated by Talos using sensor information from various sources.

The default behavior of any listener for TLS communication is B. off. This means that TLS is not allowed for incoming connections to the listener and connection s to the listener do not require encrypted Simple Mail Transfer Protocol (SMTP) conversations. This is stated in the web search result  1 .  To enable TLS for a listener, you need to configure the Use TLS option in the mail flow policy settings for the listener on the Mail P olicies > HAT Overview page 1 .  You can choose from three different settings for TLS: No, Preferred, or Required 1 .