Pass the Cisco CCNP Security 300-720 Questions and answers with CertsForce

Configuring DomainKeys and DKIM Signing:

-Signing Keys

-Public Keys

-Domain Profiles

Creating Domain Profiles:

Step 1

-Choose Mail Policies > Signing Profiles.

Step 2

-In the Domain Signing Profiles section, click Add Profile.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_1 4-0/b_ESA_Admin_Guide_12_1_chapter_010110.html?bookSearch=true

According to the [Cisco Secure Email Encryption Service Add-In User Guid e], you can create an encryption profile that defines the encryption settings and options for your encrypted messages[ 2 , p. 11]. You can also create an outgoing content filter that applies the encryption profile to the messages that match certain condition s, such as having [SECURE] in the subject header[ 2 , p. 12]. This wa y, you can allow users to flag the messages that require encryption by adding [SECURE] to the subject line.

The other options are not valid because:

A. Creating an encryption profile with [ SECURE] in the Subject setting and enabling encryption on the mail flow policy will not work, as the Subject setting in the encryption profile is used to specify the subject line of the encrypted message envelope, not the original message[ 2 , p. 11].

B. Cre ating an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting will not work, as this will encrypt all outgoing messages regardless of whether they have [SECURE] in the subjec t line or not[ 2 , p. 12].

D. Creating a DLP policy manager message action with encryption enabled and applying it to active DLP policies for outgoing mail will not work, as this will encrypt messages based on DLP rules that detect sensitive data in the message content, not based on user flags in the subject line.

To enable File Reputation and File Analysis on the Cisco Secure Email Gateway appliance, the administrator must configure the appliance to use SSL for the connection to the File Reputation server. This wi ll ensure that the communication between the appliance and the cloud service is secure and encrypted. The administrator must also upload a valid certificate from a trusted CA on the appliance for this purpose. The other options are not required or effectiv e for this task.  References : [Cisco Secure Email Gateway Administrator Guide - Configuring File Reputation and File Analysis]

Message Handling Settings:

Repaired Message Handling

Messages are considered repaired if the message was completely scanned and all viruses have been repaired or removed. These messages will be delivered as is.

Encrypted Message Handling

Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or protected field in the message. Messages that are marked encrypted may also be repaired.

Unscannable Message Handling

Messages are considered unscannable if a scanning timeout value has been reached, or the engine becomes unavailable due to an internal error. Messages that are marked unscannable may also be repaired.

Virus Infected Message Handling

The system may be unable to drop the attachment or completely repair a message. In these cases, you can configure how the system handles messages that could still contain viruses.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01011.html#con_1132282

A filter is a method that enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way. A filter is a rule that allows Cisco ESA to perform actions on messages based on predefined or custom conditions, such as headers, envelope, body, attachments, etc.

To deliver a flagged message to a specific virtual gateway address using a filter, the engineer can create a content filter or message filter that matches the flag condition and applies an action of “deliver via alternate host” with the virtual gateway address as the parameter.

The other options are not methods that enable an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way, because they have more limitations or requirements than using a filter.

To allow the Cisco ESA to encrypt an email using the CRES (Cisco Registered Envelope Service), a provisioned email encryption profile must be configured on Cisco ESA. A provisioned email encryption profile is a type of encryption profile that specifies how messages are encrypted using CRES, such as the encryption key strength, the notification options, the branding settings, etc.

SMTP AUTH is a valid fallback action when a client certificate is unavailable during SMTP authentication on Cisco ESA. SMTP AUTH is a method of authenticating SMTP clients using username and password credentials, which can be verified by an LDAP server or a local database on Cisco ESA.