Table of Contents
Question
A network administrator has enabled virus scanning with the Sophos antivirus engine and set the “drop infected mail” option on a Cisco ESA; however, end users are still complaining about the large number of phishing emails they receive. What must be done to resolve this problem?
A. Configure Reputation Filtering
B. Configure Content Filtering
C. Configure Outbreak Filtering
D. Change the antivirus engine to McAfee.
Answer
B. Configure Content Filtering
Explanation
To resolve the problem of receiving a large number of phishing emails despite enabling virus scanning with the Sophos antivirus engine and setting the “drop infected mail” option on a Cisco ESA, the appropriate solution would be to configure Content Filtering (Option B).
Content Filtering allows you to apply policies to incoming and outgoing email messages based on their content. It can be used to filter out unwanted or malicious content, including phishing emails. By configuring Content Filtering on the Cisco ESA, you can create rules and policies that specifically target phishing emails and take appropriate actions such as blocking or quarantining them.
Here’s a comprehensive explanation of the options:
A. Reputation Filtering: Reputation Filtering is a feature that allows you to evaluate the reputation of an email sender or sender’s domain based on various factors such as previous behavior, volume of email sent, etc. While Reputation Filtering can help in identifying and blocking emails from known bad senders, it may not specifically target phishing emails. Therefore, it may not completely resolve the problem described in the question.
B. Content Filtering: Content Filtering examines the content of emails and applies policies based on specified criteria. By configuring Content Filtering, you can create rules to detect and block phishing emails based on specific characteristics such as keywords, URLs, or email headers commonly used in phishing attempts. This option is most likely the appropriate solution to address the problem of receiving a large number of phishing emails.
C. Outbreak Filtering: Outbreak Filtering is a feature that helps protect against emerging threats by identifying patterns or signatures of new virus outbreaks. While it can be effective in detecting and blocking new virus outbreaks, it may not specifically address the issue of phishing emails. Therefore, it may not be the most appropriate solution in this scenario.
D. Changing the antivirus engine to McAfee: Changing the antivirus engine to McAfee is not a direct solution to the problem of receiving phishing emails. The antivirus engine primarily focuses on detecting and blocking viruses, malware, and other types of malicious code. Phishing emails often contain social engineering elements and may not always be detected solely by the antivirus engine. Therefore, changing the antivirus engine may not resolve the problem as effectively as configuring Content Filtering.
In conclusion, to effectively address the issue of receiving a large number of phishing emails despite enabling virus scanning with the Sophos antivirus engine, configuring Content Filtering (Option B) on the Cisco ESA would be the most suitable solution.
Reference
- Cisco Secure Email Advanced Email Protection Data Sheet – Cisco
- Integrating the Email Gateway with Cisco Advanced Phishing Protection
- cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_ces_13-5-1/m_advanced_phishing_protection.html
Securing Email with Cisco Email Security Appliance (300-720 SESA) certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Securing Email with Cisco Email Security Appliance (300-720 SESA) exam and earn Securing Email with Cisco Email Security Appliance (300-720 SESA) certification.