An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
Correct Answer: D
Question 243
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
Correct Answer: D
You specify primary and secondary actions that the appliance will take when it detects a possible DLP violation in an outgoing message. Different actions can be assigned for different violation types and severities.
Primary actions include:
- Deliver
- Drop
- Quarantine
Secondary actions include:
- Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations. When you release the copy from the quarantine, the appliance delivers the copy to the recipient, who will have already received the original message.
- Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers.
- Altering the subject header of messages containing a DLP violation.
- Adding disclaimer text to messages.
- Sending messages to an alternate destination mailhost.
- Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical DLP violations to a compliance officer's mailbox for examination.)
- Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP compliance officer.
Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html
Question 244
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
Correct Answer: C
A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File. In this example, we use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the WannaCry malware; we can also configure ISE to update the client with this patch.
Question 245
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
Correct Answer: C,E
You can also bring up the port by using these commands:
+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.
+ The "errdisable recovery cause ..." global configuration command enables the timer to automatically recover from the error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover from the error-disabled state.