Study Smarter for the 300-720 Exam with Our Free and Reliable 300-720 Exam Questions – Updated for 2025.

At Cert Empire, we are committed to delivering the most accurate and up-to-date exam questions for students preparing for the Cisco 300-720 Exam. To make studying easier, we’ve made parts of our 300-720 exam resources free for everyone. You can practice as much as you want with Free 300-720 Practice Test.

Get 300-720 Exam Dumps

CISCO 300-720 Free Exam Questions

Disclaimer

Please keep a note that the demo questions are not frequently updated. You may as well find them in open communities around the web. However, this demo is only to depict what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

Which SMTP extension does Cisco ESA support for email security?

STARTTLS

PIPELINING

UTF8SMTP

ETRN

2 / 60

Which benefit does enabling external spam quarantine on Cisco SMA provide?

Ability to consolidate spam quarantine data from multiple Cisco ESA to one central console

Ability to scan messages by using two engines to increase a catch rate

Access to the spam quarantine interface on which a user can release, duplicate, or delete

Ability to back up spam quarantine from multiple Cisco ESAs to one central console

3 / 60

When the Spam Quarantine is configured on the Cisco ESA, what validates end-users via LDAP during login to the End-User Quarantine?

Spam Quarantine End-User Authentication Query

Spam Quarantine Alias Consolidation Query

Spam Quarantine External Authentication Query

Enabling the End-User Safelist/Blocklist feature

4 / 60

When email authentication is configured on Cisco ESA, which two key types should be selected on the signing profile? (Choose two.)

DKIM, Domain Keys

Public Keys, Symmetric Keys

Domain Keys, Private Keys

Symmetric Keys, DKIM

Private Keys, DKIM

5 / 60

Which setting affects the aggressiveness of spam detection?

Spam timeout

Maximum depth of recursion scan

Protection level

Spam threshold

6 / 60

Which feature utilizes sensor information obtained from Talos intelligence to filter email servers connecting into the Cisco ESA?

SpamCop Reputation Filtering

Talos Reputation Filtering

Connection Reputation Filtering

SenderBase Reputation Filtering

7 / 60

Which two action types are performed by Cisco ESA message filters? (Choose two.)

Non-final actions, Final actions

Filter actions, Quarantine actions

Discard actions, Non-final actions

Final actions, Filter actions

Quarantine actions, Discard actions

8 / 60

What are two phases of the Cisco ESA email pipeline? (Choose two.)

Reject, Action

Workqueue, Delivery

Action, Quarantine

Delivery, Reject

Quarantine, Workqueue

9 / 60

Which antispam feature is utilized to give end users control to allow emails that are spam to be delivered to their inbox, overriding any spam verdict and action on the Cisco ESA?

End user safelist

End user passthrough list

End user allow list

End user spam quarantine access

10 / 60

What is the order of virus scanning when multilayer antivirus scanning is configured?

The McAfee engine scans for viruses first and the Sophos engine scans for viruses second

The McAfee engine scans for viruses first and the default engine scans for viruses second

The Sophos engine scans for viruses first and the McAfee engine scans for viruses second

The default engine scans for viruses first and the McAfee engine scans for viruses second

11 / 60

What are two prerequisites for implementing undesirable URL protection in Cisco ESA? (Choose two.)

Enable outbreak filters, Enable antispam scanning

Enable email relay, Enable antivirus scanning

Enable antispam scanning, Enable port bouncing

Enable port bouncing, Enable outbreak filters

Enable antivirus scanning, Enable antispam scanning

12 / 60

Which suboption must be selected when LDAP is configured for Spam Quarantine End-User Authentication?

Entity ID

Server Priority

Update Frequency

Designate as the active query

13 / 60

Which action must be taken before a custom quarantine that is being used can be deleted?

Remove the quarantine from the message action of a filter

Delete the quarantine that is not assigned to a filter

Delete only the unused quarantine

Delete the quarantine that is assigned to a filter

14 / 60

What is the maximum message size that can be configured for encryption on the Cisco ESA?

30 MB

15 MB

20 MB

25 MB

15 / 60

An analyst creates a new content dictionary to use with Forged Email Detection.
Which entry will be added into the dictionary?

[email protected]

^Alpha Beta$

mycompany.com

Alpha Beta

16 / 60

Which two query types are available when an LDAP profile is configured? (Choose two.)

Proxy consolidation, User

User, Recursive

Recursive, Routing

Group, Routing

Routing, Proxy consolidation

17 / 60

Which action is a valid fallback when a client certificate is unavailable during SMTP authentication on Cisco ESA?

LDAP BIND

SMTP TLS

LDAP Query

SMTP AUTH

18 / 60

Which process is skipped when an email is received from safedomain.com, which is on the safelist?

Antispam scanning

Message filter

Outbreak filter

Antivirus scanning

19 / 60

What is the default behavior of any listener for TLS communication?

Preferred-verify

Preferred

Required

Off

20 / 60

When DKIM signing is configured, which DNS record must be updated to load the DKIM public signing key?

TXT record

MX record

PTR record

AAAA record

21 / 60

An organization has a strict policy on URLs embedded in emails. The policy allows visibility into what the URL is but does not allow the user to click it. Which action must be taken to meet the requirements of the security policy?

Redirect the URL to the Cisco security proxy

Replace the URL with text

Defang the URL

Enable the URL quarantine policy

22 / 60

An organization has multiple Cisco Secure Email Gateway appliances deployed, resulting in several spam quarantines to manage. To manage the quarantined messages, the administrator enabled the centralized spam quarantine on the Cisco Secure Email and Web Manager appliance and configured the external spam quarantine on the Cisco Secure Email Gateway appliances. However, messages are still being directed to the local quarantine on the Cisco Secure Email Gateway appliances What change is necessary to complete the configuration?

Disable the local spam quarantine on the Cisco Secure Email Gateway appliances

Modify the external spam quarantine settings on the Cisco Secure Email Gateway appliances and change the port to 25

Disable the external spam quarantine on the Cisco Secure Email Gateway appliances

Modify the incoming mail policies on the Cisco Secure Email Gateway appliances to redirect to the external quarantine

23 / 60

Refer to the exhibit.

Which additional configuration action must be taken to protect against Directory Harvest Attacks?

In the mail flow policy, configure Directory Harvest Attack Prevention

In the Listener Settings, modify the LDAP Queries configuration to use the Work Queue

In the LDAP Server profile, configure Directory Harvest Attack Prevention

When LDAP Queries are configured, Directory Harvest Attack Prevention is enabled by default

24 / 60

Refer to the exhibit.

What results from this filter configuration?

Action is skipping all antispam checks for the mail

Action is applied to all mail from [email protected]

Action is applied to all mail that has the subject 'FW: Bounce Notification

Action is skipping all antivirus checks for the mail

25 / 60

A Cisco Secure Email Gateway administrator must provide outbound email authenticity and configures a DKIM signing profile to handle this task. What is the next step to allow this organization to use DKIM for their outbound email?

Configure the Trusted Sender Group message authenticity policy

Import the DNS record of the service provider into the Cisco Secure Email Gateway

Enable the DKIM service checker

Export the DNS TXT record to provide to the DNS registrar

26 / 60

Which two factors must be considered when message filter processing is configured? (Choose two.)

Message-filter order, MIME structure of the message

Lateral processing, Structure of the combined packet

Structure of the combined packet, Mail policies

Mail policies, MIME structure of the message

MIME structure of the message, Message-filter order

27 / 60

Which method enables an engineer to deliver a flagged message to a specific virtual gateway address in the most flexible way?

Apply a filter on the message

Map the envelope sender address to the host

Issue the altsrchost command

Set up the interface group with the flag

28 / 60

How does the graymail safe unsubscribe feature function?

It checks the reputation of the URI and performs the unsubscribe process on behalf of the end user

It redirects the end user who clicks the unsubscribe button to a sandbox environment to allow a safe unsubscribe

It checks the URI reputation and category and allows the content filter to take an action on it

It strips the malicious content of the URI before unsubscribing

29 / 60

Which type of query must be configured when setting up the Spam Quarantine while merging notifications?

Spam Quarantine Alias Masquerading Query

Spam Quarantine Alias Authentication Query

Spam Quarantine Alias Routing Query

Spam Quarantine Alias Consolidation Query

30 / 60

What occurs when configuring separate incoming mail policies?

Message aggregation

Message detachment

Message exceptions

Message splintering

31 / 60

Which two actions are configured on the Cisco ESA to query LDAP servers? (Choose two.)

Accept, Route

Relay, Delay

Delay, Reject

Route, Relay

Reject, Accept

32 / 60

Which two features of Cisco Email Security are added to a Sender Group to protect an organization against email threats? (Choose two.)

NetFlow, Heuristic-based filtering

Geolocation-based filtering, Senderbase reputation filtering

Heuristic-based filtering, Senderbase reputation filtering

Senderbase reputation filtering, Content disarm and reconstruction

Content disarm and reconstruction, NetFlow

33 / 60

Email encryption is configured on a Cisco ESA that uses CRES.
Which action is taken on a message when CRES is unavailable?

It is sent in clear text

It is encrypted by a Cisco encryption appliance

It is dropped and an error message is sent to the sender

It is requeued

34 / 60

What is the difference between policy quarantine and spam quarantine on Cisco ESA?

Policy quarantine is for emails that violate organizational policies, while spam quarantine is for unsolicited bulk emails

There is no difference between policy quarantine and spam quarantine

Policy quarantine is for emails from specific senders, while spam quarantine is for emails with specific content

Policy quarantine is for unwanted but not necessarily malicious emails, while spam quarantine is for truly malicious emails

Policy quarantine is for legitimate but low-priority emails, while spam quarantine is for high-priority emails

35 / 60

How can Cisco ESA administrator manage messages in external spam quarantines?

By using LDAP queries

By using SMTP authentication

By configuring virtual gateways

By utilizing blocklists

By configuring DLP policies

36 / 60

What are some hardware performance specifications of Cisco Email Security Appliance?

Processor speed and RAM

Wi-Fi speed and range

Screen resolution and refresh rate

Camera resolution and video recording capabilities

37 / 60

When outbreak filters are configured, which two actions are used to protect users from outbreaks?

Redirect, Delay

Return, Abandon

Drop, Delay

Delay, Abandon

Abandon, Redirect

38 / 60

How can Cisco ESA administrator configure virtual gateways?

By defining relay hosts

None of the above

By creating user accounts

By configuring message filters

By creating custom templates

39 / 60

Which of the following is a benefit of using virtual gateways on Cisco ESA?

All of the above

Easier message tracking

Enhanced security

Increased message delivery speed

Reduced network traffic

40 / 60

What are centralized services in a Cisco Content SMA?

Services that are located on a single device and can be used by other devices in the network

Services that are only used for email security

Services that are located on the cloud

Services that are configured on each individual device in a network

41 / 60

Which scenario prevents a message from being sent to the quarantine as an action in the scan behavior on Cisco ESA?

The "add custom header" action is performed first

The "modify the message subject" is already set

A policy quarantine is missing

More than one email pipeline is defined

42 / 60

What are two primary components of content filters? (Choose two.)

Conditions, Actions

Subject, Policies

Content, Actions

Actions, Conditions

Policies, Subject

43 / 60

An engineer is testing mail flow on a new Cisco ESA and notices that messages for domain abc.com are stuck in the delivery queue. Upon further investigation, the engineer notices that the messages pending delivery are destined for 192.168.1.11, when they should instead be routed to 192.168.1.10.

What configuration change needed to address this issue?

Modify the SMTP route for the domain and change the IP address to 192.168.1.10

Modify the Routing Tables and add a route for IP address to 192.168.1.10

Modify Destination Controls entry for the domain abc.com

Add an address list for domain abc.com

44 / 60

When the Cisco ESA is configured to perform antivirus scanning, what is the default timeout value?

60 seconds

120 seconds

90 seconds

30 seconds

45 / 60

Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.)

Load balancing, Failover

SLA monitor, Active-active

Active-standby, Failover

Failover, SLA monitor

Active-active, Active-standby

46 / 60

Which action on the Cisco ESA provides direct access to view the safelist/blocklist?

Export the SLBL to a .csv file

Debug the mail flow policy

Show the SLBL cache on the CL

Monitor Incoming/Outgoing Listener

47 / 60

Which Cisco ESA security service is configured only through an outgoing mail policy?

DLP

AMP

Outbreak Filters

antivirus

48 / 60

What is the default port to deliver emails from the Cisco ESA to the Cisco SMA using the centralized Spam Quarantine?

8025

6443

6025

8443

49 / 60

A Cisco ESA administrator was notified that a user was not receiving emails from a specific domain. After reviewing the mail logs, the sender had a negative sender-based reputation score.

What should the administrator do to allow inbound email from that specific domain?

Add the domain into the allow list

Modify the firewall to allow emails from the domain

Ask the user to add the sender to the email application's allow list

Create a new inbound mail policy with a message filter that overrides Talos

50 / 60

Refer to the exhibit.

Which SPF record is valid for mycompany.com?

v=spf1 a mx ip4:172.16.18.230 -all

v=spf1 a mx ip4:199.209.31.21 -all

v=spf1 a mx ip4:10.1.10.23 -all

v=spf1 a mx ip4:199.209.31.2 -all

51 / 60

Refer to the exhibit.

How should this configuration be modified to stop delivering Zero Day malware attacks?

Configure mailbox auto-remediation

Apply Prepend on Modify Message Subject under Malware Attachments

Change File Analysis Pending action from Deliver As Is to Quarantine

Change Unscannable Action from Deliver As Is to Quarantine

52 / 60

An organization wants to use DMARC to improve its brand reputation by leveraging DNS records.

Which two email authentication mechanisms are utilized during this process? (Choose two.)

DSTP, TLS

DKIM, PKI

TLS, DSTP

PKI, DKIM

53 / 60

An administrator identifies that, over the past week, the Cisco ESA is receiving many emails from certain senders and domains which are being consistently quarantined. The administrator wants to ensure that these senders and domain are unable to send anymore emails.

Which feature on Cisco ESA should be used to achieve this?

S/MIME Sending Profile

Blocklist

Safelist

Incoming mail policiescorrect

54 / 60

Refer to the exhibit.

An engineer needs to change the existing Forged Email Detection message filter so that it references a newly created dictionary named ‘Executives’.

What should be done to accomplish this task?

Change "support" to "Executives"

Change fed' to "Executives"

Change "TESF to "Executives"

Change "from" to "Executives"

55 / 60

Which two steps configure Forged Email Detection? (Choose two.)

Configure a content dictionary with executive email addresses, Configure a filter to check the Header From value against the Forged Email Detection dictionary

Configure a filter to use the Forged Email Detection rule and dictionary, Configure a content dictionary with friendly names

Configure a filter to check the Header From value against the Forged Email Detection dictionary, Enable Forged Email Detection on the Security Services page

Enable Forged Email Detection on the Security Services page, Configure a content dictionary with executive email addresses

Configure a content dictionary with friendly names, Configure a filter to check the Header From value against the Forged Email Detection dictionary

56 / 60

An engineer is configuring a Cisco ESA for the first time and needs to ensure that any email traffic coming from the internal SMTP servers is relayed out through the Cisco ESA and is tied to the Outgoing Mail Policies.

Which Mail Flow Policy setting should be modified to accomplish this goal?

Bounce Detection Signing

Reverse Connection Verification

Exception List

Connection Behavior

57 / 60

Which Cisco Secure Email Threat Defense visibility and remediation mode is only available when using Cisco Secure Email Gateway as the message source?

Cisco Security Cloud Sign On

Microsoft 365 Authentication

Basic Authentication

No Authentication

58 / 60

A company has deployed a new mandate that requires all emails sent externally from the Sales Department to be scanned by DLP for PCI-DSS compliance. A new DLP policy has been created on the Cisco ESA and needs to be assigned to a mail policy named 'Sales' that has yet to be created.

Which mail policy should be created to accomplish this task?

Incoming Mail Flow Policy

Outgoing Mail Flow Policy

Preliminary Mail Policy

Outgoing Mail Policy

59 / 60

Which type of DNS record would contain the following line, which references the DKIM public key per RFC 6376?

v=DKIM1; p=76E629F05F709EF665853333EEC3F5ADE69A2362BECE406582670456943283BE

TXT

PTR

CNAME

AAAA

60 / 60

What is the primary function of an ASA (Adaptive Security Appliance) in a network?

To provide DNS services

To provide VPN and firewall security

To provide wireless connectivity

To provide network routing

Your score is

The average score is 0%

By Wordpress Quiz plugin

Free 300-720 SESA Exam Questions – 2025 Updated

Study Smarter for the 300-720 Exam with Our Free and Reliable 300-720 Exam Questions – Updated for 2025.

Disclaimer

[email protected]

Helpful links

top Vendors

Contact Us

[email protected]

FLASH OFFER

avail $6 DISCOUNT on YOUR PURCHASE