An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to reset the TCP connection.
B. Configure policies to stop and reject communication.
C. Configure the Cisco ESA to drop the malicious emails.
D. Configure policies to quarantine malicious emails.
A should be correct - TCPREFUSE resets the TCP connection. The question asks for preventing the session during the initial TCP communication. The remaining answers do not specify dropping the communication at TCP level.
Hm, it seems there is no clear valid answer.
A - probably the best answer, because if you configure "TCPREFUSE" it will send a "reset" at TCP.
B - the client gets responses at a higher level than TCP.
C - it's not at the TCP layer.
D - it's not at the TCP layer.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118179-configure-esa-00.html
The answer is B. The hint is TCP and not referring to anything higher than TCP.
A would only be valid if the TCP connection had already been established and if the ESA has that reset ability. In this case a reset wouldn't even do anything, as there is no connection to reset while a connection is trying to be established.
C and D don't have anything to do with the question.
Answer "B", REJECT would be the preferable solution based on this article: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118007-configure-esa-00.html. However, answering with "554 SMTP error" seems to correspond with Layer 7, and not with Layer 4 (TCP). A TCP Reset acts at Layer 4. Thus, for me it is "A".
A is correct. "prevent the session during the initial TCP communication" Only reset the TCP connection does this. B continues to communicate with the reject communication...
Typical ambiguous Cisco exam question. However I'd say A corresponds to TCPREFUSE and B corresponds to REJECT. B also mentions the word 'reject' in it.
Also the link provided by multiple people in this thread states "A host that attempts to establish a connection to your ESA and encounters a REJECT will receive a 554 SMTP error (hard bounce)"
Based on the links already shared, the best answer would be B.
C and D do not work at the TCP level, and option A does not really reset the TCP connection, it just ignores it, so the sender will try again to send the email.
Option B will work in a similar way to A, but instead of ignoring the TCP connection, it will reject it, so the sender won't try again.
It's a difficult one; I don't expect everybody to agree with me.
To prevent the session during the initial TCP communication with a known malicious domain and stop receiving spam emails, the appropriate action would be:
A. Configure the Cisco ESA to reset the TCP connection.
By configuring the Cisco ESA (Email Security Appliance) to reset the TCP connection, it would terminate the connection attempt during the initial handshake process. This prevents any further communication between the sender and the recipient, effectively blocking the spam emails from that malicious domain.
Options B, C, and D are not specifically related to preventing the TCP session during initial communication:
Option B: Configuring policies to stop and reject communication might be effective in blocking or filtering certain types of traffic or communication, but it doesn't specifically prevent the TCP session from being established.
"You can configure your Email Security Appliance (ESA) to restrict connections by adding any of these items to Sender Groups which use Mail Flow Policies:
IP range
Specific host or domain name
SenderBase Reputation Service (SBRS) "organization" classification
SBRS score range
DNS List query response
Each Mail Flow Policy has an access rule, such as ACCEPT, REJECT, RELAY, CONTINUE, and TCPREFUSE. A host that attempts to establish a connection to your ESA and matches a Sender Group using a TCPREFUSE access rule is not allowed to connect to your ESA."
Source (2014): https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118007-configure-esa-00.html
Newer (2021) - the same but TCPREFUSE is replaced by "TCP refuse":
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/216842-understand-parameters-related-to-mail-fl.html
It's B.
Each Mail Flow Policy has an access rule, such as ACCEPT, REJECT, RELAY, CONTINUE, and TCPREFUSE. A host that attempts to establish a connection to your ESA and matches a Sender Group using a TCPREFUSE access rule is not allowed to connect to your ESA. From the standpoint of the sending server, it will appear as if your server is unavailable. Most MTAs will retry frequently in this case, which will create more traffic than answering once with a clear hard bounce, for example, REJECT.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118007-configure-esa-00.html
A "reject" will send an NDR so it's not preventing the session. You also don't want a "known malicious" domain to know you are accepting message from other domains as you are trying to hide your ESA from attackers.
I think the answer is A according to the cisco definition:
REJECT. Connection is initially accepted, but the client attempting to connect gets a 4XX or 5XX SMTP status code. No email is accepted.
Note: You can also configure AsyncOS to perform this rejection at the message recipient level (RCPT TO), rather than at the start of the SMTP conversation. Rejecting messages in this way delays the message rejection and bounces the message, allowing AsyncOS to retain more detailed information about the rejected messages. This setting is configured from the CLI listenerconfig > setup command.
TCPREFUSE. Connection is refused at the TCP level.
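The whole thread turns on what the sending MTA actually observes under each access rule. The following script is an added illustration written for this page; it is not Cisco code and not from any of the posters. It emulates an ESA listener on a loopback port and probes it as a sending MTA would. The sender groups, IP ranges, SBRS thresholds and host names are constructed; the first-match-wins ordering of the groups is an assumption for the illustration; TCPREFUSE is emulated by closing the accepted socket with SO_LINGER set to zero, which makes the kernel send a TCP RST instead of a graceful close, so no SMTP banner is ever sent; the `will_retry` flag models the claim quoted above that most MTAs retry when the host looks unavailable but not after a 5XX hard bounce.

```python
"""Added illustration (not Cisco code): emulate, on loopback, what a sending
MTA observes when an ESA Mail Flow Policy applies ACCEPT, REJECT or TCPREFUSE.
The sender-group table, addresses, scores and host names are constructed."""
import ipaddress
import socket
import struct
import threading
from typing import Optional

CRLF = b"\r\n"

# Constructed sender groups, evaluated top-down, first match wins (an
# assumption about ordering for this illustration). Each entry maps a
# matcher (CIDR range and/or SBRS ceiling) to its Mail Flow Policy rule.
SENDER_GROUPS = [
    {"name": "BLOCKLIST", "cidr": "203.0.113.0/24", "rule": "TCPREFUSE"},
    {"name": "SUSPECT", "sbrs_max": -3.0, "rule": "REJECT"},
    {"name": "ALL", "rule": "ACCEPT"},
]


def access_rule(ip: str, sbrs: Optional[float] = None) -> str:
    """HAT-style lookup: return the access rule for a connecting host."""
    addr = ipaddress.ip_address(ip)
    for group in SENDER_GROUPS:
        if "cidr" in group and addr not in ipaddress.ip_network(group["cidr"]):
            continue
        if "sbrs_max" in group and (sbrs is None or sbrs > group["sbrs_max"]):
            continue
        return group["rule"]
    return "ACCEPT"


def run_listener(rule: str) -> int:
    """Start a loopback 'ESA' that applies `rule` to one connection; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        try:
            if rule == "TCPREFUSE":
                # Layer 4: linger=0 turns close() into a TCP RST. No SMTP
                # banner is ever sent, so the sender sees an unavailable host.
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
            elif rule == "REJECT":
                # Layer 7: TCP is accepted, then one 5XX hard bounce is sent.
                conn.sendall(b"554 esa.example.test Access denied" + CRLF)
            else:
                # ACCEPT: normal banner, then the SMTP dialogue continues.
                conn.sendall(b"220 esa.example.test ESMTP ready" + CRLF)
                conn.recv(1024)  # sender's EHLO
                conn.sendall(b"250 esa.example.test" + CRLF)
        finally:
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(port: int) -> dict:
    """Act as the sending MTA and report what it observed."""
    try:
        s = socket.create_connection(("127.0.0.1", port), timeout=3)
    except ConnectionRefusedError:
        return {"outcome": "tcp_refused", "smtp_code": None, "will_retry": True}
    with s:
        try:
            banner = s.recv(1024)
        except ConnectionError:  # RST arrived before any SMTP banner
            banner = b""
        if not banner:
            return {"outcome": "tcp_refused", "smtp_code": None, "will_retry": True}
        code = int(banner[:3])
        if code >= 500:
            return {"outcome": "smtp_hard_bounce", "smtp_code": code, "will_retry": False}
        if code >= 400:
            return {"outcome": "smtp_temp_fail", "smtp_code": code, "will_retry": True}
        s.sendall(b"EHLO mail.sender.example" + CRLF)
        reply = s.recv(1024)
        return {"outcome": "session_open", "smtp_code": int(reply[:3]), "will_retry": False}


if __name__ == "__main__":
    for ip, sbrs in (("203.0.113.9", -8.0), ("198.51.100.4", -5.0), ("192.0.2.7", 4.0)):
        rule = access_rule(ip, sbrs)
        print(ip, rule, probe(run_listener(rule)))
```

Running it shows the distinction the thread argues about: under TCPREFUSE the sender never gets an SMTP status line at all and will keep retrying, while under REJECT the TCP session is completed and the sender receives a single 554, which is a layer 7 answer.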
Community vote distribution: A (35%), C (25%), B (20%), Other