350-701 · Question #220
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco Secure Email Gateway to acco
The correct answer is D. Configure Directory Harvest Attack Prevention. To prevent malicious actors from performing directory harvest attacks on a Cisco Secure Email Gateway with LDAP accept queries enabled, configuring Directory Harvest Attack Prevention is the correct measure.
Question
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco Secure Email Gateway to accomplish this goal?
Exhibit
Options
- AUse Bounce Verification
- BConfigure incoming content filters.
- CBypass LDAP access queries in the recipient access table.
- DConfigure Directory Harvest Attack Prevention
How the community answered
(38 responses)- A5% (2)
- B13% (5)
- C3% (1)
- D79% (30)
Why each option
To prevent malicious actors from performing directory harvest attacks on a Cisco Secure Email Gateway with LDAP accept queries enabled, configuring Directory Harvest Attack Prevention is the correct measure.
Bounce Verification is a feature used to prevent backscatter spam by validating that incoming bounce messages are legitimate, not to prevent directory harvesting.
Configuring incoming content filters is used to inspect the content of emails for spam, malware, or policy violations, not to prevent the enumeration of valid email addresses.
Bypassing LDAP access queries in the recipient access table would allow all recipients to be accepted without LDAP lookup, making it easier for attackers to identify valid recipients, thus directly contradicting the goal of preventing directory harvesting.
Directory Harvest Attack (DHA) Prevention on the Cisco Secure Email Gateway is specifically designed to thwart attempts by attackers to guess valid email addresses by sending a large number of invalid recipient addresses and observing the server's responses. This feature protects the directory when LDAP accept queries are enabled by limiting the information provided to potential attackers about valid recipients.
Concept tested: Cisco Secure Email Gateway DHA Prevention
Source: https://www.cisco.com/c/en/us/td/docs/security/ces/email_security_appliance/12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011.html#concept_AC4E8D77A5B6488DA393B574F9A64366
Topics
Community Discussion
No community discussion yet for this question.
