Download Securing Email with Cisco Email Security Appliance.300-720.Pass4Success.2025-12-28.101q.tqb

Vendor: Cisco
Exam Code: 300-720
Exam Name: Securing Email with Cisco Email Security Appliance
Date: Dec 28, 2025
File Size: 392 KB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
A network administrator is modifying an outgoing mail policy to enable domain protection for the organization. A DNS entry is created that has the public key.
Which two headers will be used as matching criteria in the outgoing mail policy? (Choose two.)
  1. message-ID
  2. sender
  3. URL reputation
  4. from
  5. mail-from
Correct answer: B, D
Explanation:
To enable domain protection for the organization, the administrator must configure an outgoing mail policy that matches the sender and the from headers of the email. The sender header is the envelope sender address that is used by SMTP to route the email. The from header is the address that is displayed to the recipient as the source of the email. These headers are used to generate and verify a DomainKeys Identified Mail (DKIM) signature, which is a cryptographic method of validating the authenticity and integrity of an email message.The other headers are not relevant for domain protection. The message-ID header is a unique identifier for each email message. The URL reputation header is a score that indicates the likelihood of a URL being malicious. The mail-from header is an alias for the sender header.Domain ProtectionDKIM Signing
To enable domain protection for the organization, the administrator must configure an outgoing mail policy that matches the sender and the from headers of the email. The sender header is the envelope sender address that is used by SMTP to route the email. The from header is the address that is displayed to the recipient as the source of the email. These headers are used to generate and verify a DomainKeys Identified Mail (DKIM) signature, which is a cryptographic method of validating the authenticity and integrity of an email message.
The other headers are not relevant for domain protection. The message-ID header is a unique identifier for each email message. The URL reputation header is a score that indicates the likelihood of a URL being malicious. The mail-from header is an alias for the sender header.
Domain Protection
DKIM Signing
Question 2
Which content filter condition checks to see if the "From: header" in the message is similar to any of the users in the content dictionary?
  1. Forged Email Detection
  2. SPF Verification
  3. Subject Header
  4. Duplicate Boundaries Verification
Correct answer: A
Explanation:
The content filter condition that checks to see if the ''From: header'' in the message is similar to any of the users in the content dictionary is Forged Email Detection. This condition compares the sender's name or email address with a list of names or email addresses in a content dictionary and triggers an action if they match or are similar.Reference: [Cisco Secure Email Gateway Administrator Guide - Forged Email Detection]
The content filter condition that checks to see if the ''From: header'' in the message is similar to any of the users in the content dictionary is Forged Email Detection. This condition compares the sender's name or email address with a list of names or email addresses in a content dictionary and triggers an action if they match or are similar.Reference: [Cisco Secure Email Gateway Administrator Guide - Forged Email Detection]
Question 3
What are two primary components of content filters? (Choose two.)
  1. conditions
  2. subject
  3. content
  4. actions
  5. policies
Correct answer: A, D
Explanation:
Content filters are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.The two primary components of content filters are:Conditions, which are the criteria that determine whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.Actions, which are the operations that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as deliver, drop, quarantine, encrypt, etc.The other options are not primary components of content filters on Cisco ESA.
Content filters are rules that allow Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.
The two primary components of content filters are:
Conditions, which are the criteria that determine whether a message matches a content filter rule or not, such as message size, sender address, attachment type, etc.
Actions, which are the operations that Cisco ESA performs on a message if it matches the conditions of a content filter rule, such as deliver, drop, quarantine, encrypt, etc.
The other options are not primary components of content filters on Cisco ESA.
Question 4
Which feature must be configured before an administrator can use the outbreak filter for nonviral threats?
  1. quarantine threat level
  2. antispam
  3. data loss prevention
  4. antivirus
Correct answer: B
Explanation:
The feature that must be configured before an administrator can use the outbreak filter for nonviral threats is antispam. The outbreak filter relies on the antispam engine to detect and block nonviral threats, such as phishing, malware, or spam campaigns. You need to enable antispam scanning and configure the antispam settings before you can use the outbreak filter.
The feature that must be configured before an administrator can use the outbreak filter for nonviral threats is antispam. The outbreak filter relies on the antispam engine to detect and block nonviral threats, such as phishing, malware, or spam campaigns. You need to enable antispam scanning and configure the antispam settings before you can use the outbreak filter.
Question 5
An organization wants to use its existing Cisco ESA to host a new domain and enforce a separate corporate policy for that domain.
What should be done on the Cisco ESA to achieve this?
  1. Use the smtproutes command to configure a SMTP route for the new domain.
  2. Use the deli very config command to configure mail delivery for the new domain.
  3. Use the dsestconf command to add a separate destination for the new domain.
  4. Use the altrchost command to add a separate gateway for the new domain.
Correct answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011001.htmlone of the steps to accept mail for additional internal domains on the Cisco ESA is to choose Network > SMTP Routes and enter the new domain and the corresponding destination host IP address1.This can also be done using the smtproutes command in the CLI1. The other commands (deliveryconfig, dsestconf, and altrchost) are not related to this task.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011001.html
one of the steps to accept mail for additional internal domains on the Cisco ESA is to choose Network > SMTP Routes and enter the new domain and the corresponding destination host IP address1.This can also be done using the smtproutes command in the CLI1. The other commands (deliveryconfig, dsestconf, and altrchost) are not related to this task.
Question 6
Email encryption is configured on a Cisco ESA that uses CRES.
Which action is taken on a message when CRES is unavailable?
  1. It is requeued.
  2. It is sent in clear text.
  3. It is dropped and an error message is sent to the sender.
  4. It is encrypted by a Cisco encryption appliance.
Correct answer: A
Explanation:
When CRES (Cisco Registered Envelope Service) is unavailable, Cisco ESA will requeue the message and attempt to resend it later, until the maximum number of retries or the maximum age of the message is reached. The message will not be sent in clear text, dropped, or encrypted by another appliance.
When CRES (Cisco Registered Envelope Service) is unavailable, Cisco ESA will requeue the message and attempt to resend it later, until the maximum number of retries or the maximum age of the message is reached. The message will not be sent in clear text, dropped, or encrypted by another appliance.
Question 7
What is a category for classifying graymail?
  1. Malicious
  2. Marketing
  3. Spam
  4. Priority
Correct answer: B
Explanation:
According to the [Cisco Secure Email User Guide], graymail is a category of email messages that are not spam but may be unwanted by some recipients, such as newsletters, promotions, or social media updates[5, p. 25]. Marketing is one of the subcategories of graymail that includes messages that advertise products or services[5, p. 26].The other options are not valid because:A) Malicious is not a category for classifying graymail. It is a category for classifying email messages that contain malicious content such as malware, phishing, or fraud[5, p. 25].C) Spam is not a category for classifying graymail. It is a category for classifying email messages that are unsolicited, unwanted, or harmful[5, p. 25].D) Priority is not a category for classifying graymail. It is a category for classifying email messages that are important, urgent, or relevant[5, p. 25].
According to the [Cisco Secure Email User Guide], graymail is a category of email messages that are not spam but may be unwanted by some recipients, such as newsletters, promotions, or social media updates[5, p. 25]. Marketing is one of the subcategories of graymail that includes messages that advertise products or services[5, p. 26].
The other options are not valid because:
A) Malicious is not a category for classifying graymail. It is a category for classifying email messages that contain malicious content such as malware, phishing, or fraud[5, p. 25].
C) Spam is not a category for classifying graymail. It is a category for classifying email messages that are unsolicited, unwanted, or harmful[5, p. 25].
D) Priority is not a category for classifying graymail. It is a category for classifying email messages that are important, urgent, or relevant[5, p. 25].
Question 8
Which functionality is impacted if the assigned certificate under one of the IP interfaces is modified?
  1. traffic between the Cisco Secure Email Gateway and the LDAP server
  2. emails being delivered from the Cisco Secure Email Gateway
  3. HTTPS traffic when connecting to the web user interface of the Cisco Secure Email Gateway
  4. emails being received by the Cisco Secure Email Gateway
Correct answer: C
Explanation:
If the assigned certificate under one of the IP interfaces is modified, then the HTTPS traffic when connecting to the web user interface of the Cisco Secure Email Gateway will be impacted. The administrator must ensure that the certificate is valid and trusted by the browser or client that is used to access the web user interface. Otherwise, the connection may fail or generate a warning message.Reference: [Cisco Secure Email Gateway Administrator Guide - Configuring Certificates]
If the assigned certificate under one of the IP interfaces is modified, then the HTTPS traffic when connecting to the web user interface of the Cisco Secure Email Gateway will be impacted. The administrator must ensure that the certificate is valid and trusted by the browser or client that is used to access the web user interface. Otherwise, the connection may fail or generate a warning message.Reference: [Cisco Secure Email Gateway Administrator Guide - Configuring Certificates]
Question 9
When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during login to the End-User Quarantine?
  1. Enabling the End-User Safelist/Blocklist feature
  2. Spam Quarantine External Authentication Query
  3. Spam Quarantine End-User Authentication Query
  4. Spam Quarantine Alias Consolidation Query
Correct answer: C
Explanation:
Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP server to validate the end-user credentials during login to the End-User Quarantine.
Spam Quarantine End-User Authentication Query is a query that Cisco ESA performs against an LDAP server to validate the end-user credentials during login to the End-User Quarantine.
Question 10
A Cisco Secure Email Gateway administrator is creating a Mail Flow Policy to receive outbound email from Microsoft Exchange. Which Connection Behavior must be selected to properly process the messages?
  1. Accept
  2. Delay
  3. Relay
  4. Reject
Correct answer: C
Explanation:
Relay is the connection behavior that must be selected to properly process the messages. Relay allows Cisco ESA to accept messages from the specified source and deliver them to the intended destination, without applying any content or reputation filters.To configure a mail flow policy with relay connection behavior on Cisco ESA, the administrator can follow these steps:Select Mail Policies > Mail Flow Policies and click Add Policy.Enter a name and description for the mail flow policy, such as Exchange Outbound.Under Connection Behavior, select Relay.Click Submit.The other options are not valid connection behaviors to properly process the messages, because they either reject, delay, or accept the messages with content or reputation filters applied.
Relay is the connection behavior that must be selected to properly process the messages. Relay allows Cisco ESA to accept messages from the specified source and deliver them to the intended destination, without applying any content or reputation filters.
To configure a mail flow policy with relay connection behavior on Cisco ESA, the administrator can follow these steps:
Select Mail Policies > Mail Flow Policies and click Add Policy.
Enter a name and description for the mail flow policy, such as Exchange Outbound.
Under Connection Behavior, select Relay.
Click Submit.
The other options are not valid connection behaviors to properly process the messages, because they either reject, delay, or accept the messages with content or reputation filters applied.
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!