
Cisco 300-720 SESA: Which steps to ensure executive messages are originating from legitimate sending addresses


Question

A list of company executives is routinely being spoofed, which puts the company at risk of malicious email attacks. An administrator must ensure that executive messages are originating from legitimate sending addresses. Which two steps must be taken to accomplish this task? (Choose two.)

A. Create an incoming content filter with SPF detection.
B. Create a content dictionary including a list of the names that are being spoofed.
C. Enable the Forged Email Detection feature under Security Settings.
D. Enable DMARC feature under Mail Policies.
E. Create an incoming content filter with the Forged Email Detection condition.

Answer

A. Create an incoming content filter with SPF detection.
D. Enable DMARC feature under Mail Policies.

Explanation

To ensure that executive messages are originating from legitimate sending addresses and mitigate the risk of email spoofing attacks, the administrator should take the following two steps:

A. Create an incoming content filter with SPF detection: SPF (Sender Policy Framework) is an email authentication method that helps verify the authenticity of the sending server. By creating an incoming content filter with SPF detection, the Cisco Email Security Appliance (ESA) can check if the sender’s IP address is authorized to send emails on behalf of the company’s domain. If the SPF check fails, the appliance can take appropriate actions, such as quarantining or rejecting the email, reducing the risk of spoofed messages.

D. Enable DMARC feature under Mail Policies: DMARC (Domain-based Message Authentication, Reporting, and Conformance) is another email authentication mechanism that builds upon SPF and adds alignment and reporting capabilities. By enabling the DMARC feature under Mail Policies, the Cisco ESA can enforce DMARC policies for incoming emails. DMARC checks that the domain in the From address aligns with a domain that passed SPF or DKIM authentication. It allows the organization to specify how to handle emails that fail authentication, such as rejecting or quarantining them. Enabling DMARC helps ensure that executive messages originating from legitimate sending addresses are properly authenticated and reduces the risk of malicious email attacks.
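The alignment step described above can be seen in a short sketch. This is an added example, not Cisco ESA code or configuration; the function names, the sample domains and DMARC record, and the two-label organizational-domain shortcut are all assumptions made for illustration.

```python
# Added example: simplified DMARC evaluation of one message.
# Domains, record and authentication results below are constructed samples.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dictionary of tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Assumption: the last two labels are the organizational domain.
    Real code must consult the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_disposition(from_domain, spf, dkim, record):
    """spf = (result, MAIL FROM domain); dkim = (result, d= domain).
    Returns 'pass', or the policy the domain owner published for failures."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

RECORD = "v=DMARC1; p=reject; aspf=s; adkim=r"  # constructed policy for example.com

# Legitimate mail: SPF passes for the same domain that appears in From.
print(dmarc_disposition("example.com", ("pass", "example.com"), ("none", ""), RECORD))
# Spoofed From: SPF passes, but for a different envelope domain, so nothing aligns.
print(dmarc_disposition("example.com", ("pass", "mailer.example.net"), ("none", ""), RECORD))
# Forwarded mail: SPF fails, but an aligned DKIM signature from a subdomain passes.
print(dmarc_disposition("example.com", ("fail", "example.com"), ("pass", "mail.example.com"), RECORD))
```

The second case is the one that matters for spoofed executives: an SPF pass on its own says nothing about the From address the recipient sees, and only the alignment check ties the two together.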

Now let’s briefly discuss the other answer options provided:

B. Create a content dictionary including a list of the names that are being spoofed: While creating a content dictionary including a list of spoofed names might be helpful for identifying suspicious emails, it does not directly ensure that executive messages originate from legitimate sending addresses. This step alone does not authenticate the sender’s identity or prevent email spoofing.

C. Enable the Forged Email Detection feature under Security Settings: The Forged Email Detection feature helps identify certain types of forged or spoofed emails by analyzing the message headers and content. While this feature can assist in detecting spoofed emails, it does not specifically address the task of ensuring that executive messages originate from legitimate sending addresses.

E. Create an incoming content filter with the Forged Email Detection condition: Creating an incoming content filter with the Forged Email Detection condition can help identify and filter out forged or spoofed emails. However, similar to option C, it does not directly address the requirement of ensuring that executive messages originate from legitimate sending addresses.

In conclusion, to ensure that executive messages originate from legitimate sending addresses and mitigate the risk of email spoofing attacks, the administrator should take the following two steps: create an incoming content filter with SPF detection and enable the DMARC feature under Mail Policies. These measures help authenticate the sender’s identity, validate the sending server, and enforce policies to handle emails that fail authentication, reducing the risk of malicious email attacks.
