300-720 Question #120: Real Exam Question with Answer & Explanation

Question

A network administrator has enabled virus scanning with the Sophos antivirus engine and set the "drop infected mail" option on a Cisco ESA; however, end users are still complaining about the large number of phishing emails they receive. What must be done to resolve this problem?

Options

• AConfigure Reputation Filtering
• BConfigure Content Filtering
• CConfigure Outbreak Filtering
• DChange the antivirus engine to McAfee.

Explanation

{"question_number": 5, "question": "A network administrator has enabled virus scanning with the Sophos antivirus engine and set the 'drop infected mail' option on a Cisco ESA; however, end users are still complaining about the large number of phishing emails they receive.", "correct_answer": "C", "explanation": "Antivirus engines like Sophos detect known malware using signatures. Phishing emails, however, typically contain no malware - they rely on social engineering (fake login pages, deceptive links) and therefore bypass antivirus scanning entirely. Outbreak Filtering addresses this gap by leveraging Cisco Talos threat intelligence to detect emerging phishing campaigns in near-real-time, even before antivirus signatures are updated. It analyzes URL patterns, message structure, and global threat data to identify phishing attempts. Option A (Reputation Filtering) focuses on sender IP reputation and would not catch phishing from reputable servers. Option B (Content Filtering) can help but requires manual rule creation and does not use real-time threat feeds. Option D (switching to McAfee) does not solve the problem since the issue is the type of threat, not the AV engine brand.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.