An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?
How Sender IP Reputation Filters Work
Sender IP Reputation filter technology aims to shunt as much mail as possible from the remaining security services processing that is available on the email gateway. (See Understanding the Email Pipeline.)
When sender reputation filtering is enabled, mail from known bad senders is simply refused. Known good mail from global 2000 companies is automatically routed around the spam filters, reducing the chance of false positives. Unknown, or “grey” email is routed to the anti-spam scanning engine. Using this approach, Sender IP Reputation filters can reduce the load on the content filters by as much as 50%.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa15-0/user_guide/b_ESA_Admin_Guide_15-0/b_ESA_Admin_Guide_12_1_chapter_0101.html
Requirements for Graymail Detection and Safe Unsubscribing
For graymail detection, anti-spam scanning must be enabled globally. This can be either the IronPort Anti-Spam, the Intelligent Multi-Scan feature, or Outbreak Filters. See Managing Spam and Graymail.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa15-0/user_guide/b_ESA_Admin_Guide_15-0/b_ESA_Admin_Guide_12_1_chapter_01110.html#id_101033
For grey zones is the Reputation Filter (C) relevant based on this:
https://www.ironportstore.com/Reputation-Filters.asp?srsltid=AfmBOor9GVrvYe3YVBa8qgMN2H3vQMfzRVEzX2wo4sVXUjP7U33but3_
https://www.ironportstore.com/datasheets/datasheet-email-security-advanced.pdf?srsltid=AfmBOopqQoXF_ov5ijtm3LjpA9THOCBj6hc4Nc0doMWZnkgP1680VO35
"Requirements for Graymail Detection and Safe Unsubscribing
For graymail detection, anti-spam scanning must be enabled globally. This can be either the IronPort Anti-Spam, the Intelligent Multi-Scan feature, or Outbreak Filters"
To effectively block greymail for end users on a Cisco ESA (Email Security Appliance), the administrator should enable the "IP Reputation Filtering" feature. Greylisting is a technique used to combat spam emails by temporarily rejecting emails from unknown senders. IP Reputation Filtering helps in identifying and blocking emails from sources with poor reputation scores, which often includes sources associated with sending spam or greymail. Therefore, by enabling IP Reputation Filtering, the administrator can effectively block greymail for end users. So the correct answer is:
The Intelligent Multi-Scan feature enhances the scanning capabilities of the Cisco ESA by utilizing multiple AV engines and advanced analysis techniques to identify and block various types of threats - including malware, viruses, and phishing emails. While it may help in detecting and blocking graymail to an extent, it's not specifically designed for that purpose.
To effectively block graymail, which typically involves emails from sources with poor reputation scores but may not necessarily contain malware or other malicious content, enabling the IP Reputation Filtering feature would be more suitable. IP Reputation Filtering helps to identify and block emails from sources with known poor reputations - which often includes sources associated with graymail.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa15-0/user_guide/b_ESA_Admin_Guide_15-0/b_ESA_Admin_Guide_12_1_chapter_0101.html
Read the section "How Sender IP Reputation Filters Work"
It is A - specifically designed for that - Greymail engine. The issue with your statements is in understanding what greymail is.
Overview of Graymail - as per link
Graymail messages are messages that do not fit the definition of spam, for example, newsletters, mailing list subscriptions, social media notifications, and so on. These messages were of use at some point in time, but have subsequently diminished in value to the point where the end user no longer wants to receive them.
The difference between graymail and spam is that the end user intentionally provided an email address at some point (for example, the end user subscribed to a newsletter on an e-commerce website or provided contact details to an organization during a conference) as opposed to spam, messages that the end user did not sign up for.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_chapter_01110.html#id_101033
Answer 'A' is correct:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjbkeqf2uD7AhUESuUKHTnDDrMQFnoECCQQAQ&url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fsecurity%2Fesa%2Fesa11-0%2Fuser_guide%2Fb_ESA_Admin_Guide%2Fb_ESA_Admin_Guide_chapter_01101.pdf&usg=AOvVaw2y8Tk0duu03elkbSJ45LZP
upvoted 3 times
ITPro21 - 1 month, 2 weeks ago
dfb0b7d - 4 months, 2 weeks ago
Premium_Pils - 5 months, 3 weeks ago
Happy_Shepherd26 - 7 months ago
DRooz - 1 year ago
Tthurston1 - 1 year, 1 month ago
Tthurston1 - 1 year, 1 month ago
Rododendron2 - 1 year ago
luisseijuro - 2 years, 3 months ago
NoUserName1234 - 2 years, 6 months ago