Question
A network engineer is implementing a virus outbreak filter on a Cisco ESA by using the Outbreak Filters feature with plans to perform an additional scan by using a content filter. Which action must be taken by the Outbreak Filters?
A. Scan processed messages by using two engines simultaneously.
B. Send a copy of messages to quarantine.
C. Send processed messages to the Cisco ESA.
D. Scan processed messages by using a secondary instance of the Cisco ESA.
Answer
C. Send processed messages to the Cisco ESA.
Explanation
The correct answer is C. Send processed messages to the Cisco ESA.
Outbreak Filters is a feature on the Cisco ESA that can protect your network from large-scale virus outbreaks and smaller, non-viral attacks, such as phishing scams and malware distribution, as they occur. Outbreak Filters use three tactics to protect your users from outbreaks: delay, redirect, and modify.
- Delay: Outbreak Filters quarantine messages that may be part of a virus outbreak or non-viral attack. While quarantined, the appliance receives updated outbreak information and rescans the message to confirm whether it’s part of an attack.
- Redirect: Outbreak Filters rewrite the URLs in non-viral attack messages to redirect the recipient through the Cisco web security proxy if they attempt to access any of the linked websites. If the website is still operational, the proxy displays a splash screen warning the user that it may contain malware; if the website has been taken offline, the proxy displays an error message.
- Modify: In addition to rewriting URLs in non-viral threat messages, Outbreak Filters can modify a message’s subject and add a disclaimer above the message body to warn users about the message’s content.
If you want to perform an additional scan by using a content filter, you need to configure Outbreak Filters to send processed messages to the Cisco ESA. This will allow the appliance to apply content filtering rules to the messages that have been scanned by Outbreak Filters. You can also specify exceptions for trusted senders or recipients that you do not want to apply content filtering to.
The other options are not correct because:
- Scan processed messages by using two engines simultaneously (option A) is not possible with Outbreak Filters. Outbreak Filters use Cisco Threat Response technology to analyze global email traffic patterns and identify abnormal behavior that indicates a potential outbreak. They do not use any antivirus engines to scan messages.
- Send a copy of messages to quarantine (option B) is not necessary for performing an additional scan by using a content filter. Sending a copy of messages to quarantine will only store a duplicate of the messages in a separate quarantine area for later review or release. It will not allow the appliance to apply content filtering rules to the messages.
- Scan processed messages by using a secondary instance of the Cisco ESA (option D) is not required for performing an additional scan by using a content filter. Scanning processed messages by using a secondary instance of the Cisco ESA will only increase the complexity and cost of your email security solution. It will not provide any additional benefits over sending processed messages to the same Cisco ESA.
This practice question and explanation are for the Securing Email with Cisco Email Security Appliance (300-720 SESA) certification exam.