350-701 Question #187: Real Exam Question with Answer & Explanation

Question

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?

Options

• AConfigure the Cisco WSA to modify policies based on the traffic seen.
• BConfigure the Cisco Secure Email Gateway to receive real-time updates from Talos
• CConfigure the Cisco WSA to receive real-time updates from Talos.
• DConfigure the Cisco Secure Email Gateway to modify policies based on the traffic seen.

Explanation

Option B is correct because SPAM is an email-based threat, making the Cisco Secure Email Gateway (not the WSA) the appropriate product, and receiving real-time updates from Talos - Cisco's threat intelligence engine - is what enables dynamic harm assessment as new spam campaigns emerge.

Why the distractors fail:

• A & C (WSA options): The Cisco Web Security Appliance handles web/URL traffic, not email. Using it for SPAM would be the wrong product entirely - WSA doesn't process inbound email messages.
• D: Modifying policies based on traffic seen is a passive, retrospective approach. It reacts after the fact rather than providing real-time, dynamic threat intelligence; it would not satisfy the "dynamically" requirement in the question.

Memory tip: Use the equation Email threat → Email Gateway + Talos real-time = dynamic response. Whenever a question mentions "dynamic" or "real-time" threat assessment in Cisco's ecosystem, Talos is almost always the answer component - and always pair the threat type (email vs. web) to the correct appliance (SEG vs. WSA).

No community discussion yet for this question.