nerdexam
Exams300-720Questions#69
CiscoCisco

300-720 · Question #69

300-720 Question #69: Real Exam Question with Answer & Explanation

This question assesses the ability to classify Cisco ESA Data Loss Prevention (DLP) reactions into primary message disposition actions and secondary, supplementary actions.

Cisco ESA Data Loss Prevention

Question

Drag and Drop Question Drag and drop the Cisco ESA reactions to a possible DLP from the left onto the correct action types on the right. Answer:

Explanation

This question assesses the ability to classify Cisco ESA Data Loss Prevention (DLP) reactions into primary message disposition actions and secondary, supplementary actions.

Approach. The correct approach is to categorize the actions based on whether they represent the immediate, primary disposition of the message (Primary Actions) or supplementary modifications, logging, or alternative processing (Secondary Actions) within a DLP policy on a Cisco ESA.

  • Primary Actions are the direct outcomes for the message's flow. These actions determine the ultimate fate of the email.
    • deliver: The message is allowed to proceed to its intended recipient. This is a direct disposition if no violation occurs or if the policy permits delivery after assessment.
    • drop: The message is completely discarded and does not reach its destination. This is a definitive preventative action.
    • quarantine: The message is held in a special area for review by an administrator, sender, or recipient. This is an immediate, direct action for messages that trigger a potential policy violation.
  • Secondary Actions are actions that accompany or modify the message's primary disposition, or handle auxiliary tasks like logging or minor remediation.
    • send a copy to a policy quarantine: This is an auditing or logging action. A copy of the message is archived, while the original message still undergoes its primary action (deliver, drop, or quarantine).
    • encrypt messages: This action modifies the message's content to secure it before it is delivered (a primary action). It's a remediation step rather than a final disposition itself.
    • add a disclaimer: This action modifies the message by appending a notice before it is delivered. Similar to encryption, it's a content modification/remediation step.

Common mistakes.

  • common_mistake. A common mistake is confusing message modification or logging actions with primary disposition actions. For example, placing 'encrypt messages' or 'add a disclaimer' under 'Primary Actions' is incorrect because these actions typically modify the message content before it undergoes a primary action like 'deliver'. Similarly, 'send a copy to a policy quarantine' should not be mistaken for the primary 'quarantine' action; it implies archiving a copy, not necessarily holding the original message from its primary disposition. Another error would be placing 'deliver' in Secondary Actions, as 'deliver' is a fundamental outcome determining if the message reaches its destination.

Concept tested. The core concept tested is the understanding of Data Loss Prevention (DLP) policy actions within a Cisco Email Security Appliance (ESA), specifically differentiating between primary message disposition actions and secondary, supplementary actions.

Topics

#Cisco ESA#Data Loss Prevention#DLP actions

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-720 PracticeBrowse All 300-720 Questions