nerdexam
Cisco

350-701 · Question #220

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco Secure Email Gateway to acco

The correct answer is D. Configure Directory Harvest Attack Prevention. To prevent malicious actors from performing directory harvest attacks on a Cisco Secure Email Gateway with LDAP accept queries enabled, configuring Directory Harvest Attack Prevention is the correct measure.

Submitted by haru.x· Mar 30, 2026Content Security

Question

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco Secure Email Gateway to accomplish this goal?

Exhibit

350-701 question #220 exhibit

Options

  • AUse Bounce Verification
  • BConfigure incoming content filters.
  • CBypass LDAP access queries in the recipient access table.
  • DConfigure Directory Harvest Attack Prevention

How the community answered

(38 responses)
  • A
    5% (2)
  • B
    13% (5)
  • C
    3% (1)
  • D
    79% (30)

Why each option

To prevent malicious actors from performing directory harvest attacks on a Cisco Secure Email Gateway with LDAP accept queries enabled, configuring Directory Harvest Attack Prevention is the correct measure.

AUse Bounce Verification

Bounce Verification is a feature used to prevent backscatter spam by validating that incoming bounce messages are legitimate, not to prevent directory harvesting.

BConfigure incoming content filters.

Configuring incoming content filters is used to inspect the content of emails for spam, malware, or policy violations, not to prevent the enumeration of valid email addresses.

CBypass LDAP access queries in the recipient access table.

Bypassing LDAP access queries in the recipient access table would allow all recipients to be accepted without LDAP lookup, making it easier for attackers to identify valid recipients, thus directly contradicting the goal of preventing directory harvesting.

DConfigure Directory Harvest Attack PreventionCorrect

Directory Harvest Attack (DHA) Prevention on the Cisco Secure Email Gateway is specifically designed to thwart attempts by attackers to guess valid email addresses by sending a large number of invalid recipient addresses and observing the server's responses. This feature protects the directory when LDAP accept queries are enabled by limiting the information provided to potential attackers about valid recipients.

Concept tested: Cisco Secure Email Gateway DHA Prevention

Source: https://www.cisco.com/c/en/us/td/docs/security/ces/email_security_appliance/12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011.html#concept_AC4E8D77A5B6488DA393B574F9A64366

Topics

#Cisco Secure Email Gateway#Directory Harvest Attack Prevention#Email recipient enumeration#LDAP security

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice