Exam 350-701 topic 1 question 212 discussion

Guys, Recipient Table Address (RAT) is where you define which recipients can receive emails, not from where emails will be received from, that's on HAT. But since there isn't a HAT option then the closest thing for "known bad mail servers" is through Outbreak Filters which uses TALOS Global Threat Inteligence.

Cisco ESA uses a multilayer approach to fight viruses and malware: • The first layer of defense consists of outbreak filters, which the appliance downloads from Cisco SenderBase. They contain a list of known bad mail servers. These filters are generated by watching global email traffic patterns and looking for anomalies associated with an outbreak. When an email is received from a server on this list, it is kept in quarantine until the antivirus signatures are updated to counter the current threat. • The second layer of defense is using antivirus signatures to scan quarantined emails, to ensure that they do not carry viruses into the network. • Cisco ESA also scans outbound emails to provide antivirus protection.

"B and E" Cisco ESA uses a multilayer approach to fight viruses and malware: • The first layer of defense consists of outbreak filters, which the appliance downloads from Cisco SenderBase. They contain a list of known bad mail servers. These filters are generated by watching global email traffic patterns and looking for anomalies associated with an outbreak. When an email is received from a server on this list, it is kept in quarantine until the antivirus signatures are updated to counter the current threat. • The second layer of defense is using antivirus signatures to scan quarantined emails, to ensure that they do not carry viruses into the network. • Cisco ESA also scans outbound emails to provide antivirus protection.

BE - C wouldn't stop known bad senders.

Picked B & E Page 6 stated as follow Fighting Viruses and Malware Cisco ESA uses a multilayer approach to fight viruses and malware: • The first layer of defense consists of outbreak filters, which the appliance downloads from Cisco SenderBase. They contain a list of known bad mail servers. These filters are generated by watching global email traffic patterns and looking for anomalies associated with an outbreak. When an email is received from a server on this list, it is kept in quarantine until the antivirus signatures are updated to counter the current threat. • The second layer of defense is using antivirus signatures to scan quarantined emails, to ensure that they do not carry viruses into the network. • Cisco ESA also scans outbound emails to provide antivirus protection https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVD-EmailSecurityUsingCiscoESADesignGuide-AUG13.pdf

I'm going with B and E. B: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/user_guide/b_ESA_Admin_Guide_13-0/b_ESA_Admin_Guide_12_1_chapter_0101.html E: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/user_guide/b_ESA_Admin_Guide_13-0/b_ESA_Admin_Guide_12_1_chapter_01101.html

The answer cannot be A. Either single-armed deployment or dual-armed deployment, Cisco ESA is separate from DMZ. ESA is connected to DMZ, not in the DMZ. B is not correct as well. What is outbreak filter? An outbreak occurs when messages with attachments containing never-before-seen viruses or variants of existing viruses spread quickly through private networks and the Internet. The question does not specify to new virus. C is correct. Recipient access table (RAT) acceptance or rejection of recipient addresses. E is correct.

"delivery of mail from known bad mail servers must be prevented" that isn't C. RAT?

Agree with A and B