Which two features of Cisco Email Security are added to a Sender Group to protect an organization against email threats? (Choose two.)

A. NetFlow

B. geolocation-based filtering

C. heuristic-based filtering

D. senderbase reputation filtering

E. content disarm and reconstruction

What is the order of virus scanning when multilayer antivirus scanning is configured?

A. The default engine scans for viruses first and the McAfee engine scans for viruses second.

B. The Sophos engine scans for viruses first and the McAfee engine scans for viruses second.

C. The McAfee engine scans for viruses first and the default engine scans for viruses second.

D. The McAfee engine scans for viruses first and the Sophos engine scans for viruses second.

Refer to the exhibit. A Cisco Webex device on an enterprise network has identified the given STUN round-trip delays in milliseconds to the enterprise Video Mesh clusters and two Webex Cloud Media clusters during the call setup. Which correct sequence of clusters is the client connecting to?

A. US West Coast WCMC. If US West Cost WCMC is full, then Europe WCMC because clients select clusters in the order of SRT delays.

B. DC Europe. If DC Europe is full, DC APAC because clients select on-premises clusters in the order of SRT delays before using cloud resources,

C. DC Europe. If DC Europe is full, US West Coast WCMC because clients select resources in the order of SRT delays but ignore SRTs greater than 250 ms

D. US West Coast WCMC. Clients continuously monitor DC US cluster and reconnect when DC US are available to save bandwidth.

What is the default behavior of any listener for TLS communication?

A. preferred-verify

B. off

C. preferred

D. required

An engineer is deploying an Expressway solution for the SIP domain Cisco.com. Which SRV record should be configured in the public DNS to support inbound
B2B calls?

A. _collab-edge._tls.cisco.com

B. _cisco-uds._tcp.cisco.com

C. _sip._tcp.cisco.com

D. _cuplogin._tcp.cisco.com

Which part of a hybrid cloud-based deployment with Cisco Webex Messenger Service is used for meeting capabilities?

A. Cisco Unified CM is always used for meeting capabilities.

B. Depending on the media flow, the Webex Meeting Center or local Cisco Unified CM meeting resources are used for meeting capabilities.

C. Depending on the origin of the user, the Webex Meeting Center or local Cisco Unified Communications Manager meeting resources are used for meeting capabilities.

D. Cisco Webex Meeting Center is always used for meeting capabilities.

An engineer is configuring Cisco Expressway-E and needs to implement toll fraud prevention. Which configuration meets this requirement?

A. Enable SIP ALG inspection on the network address translation firewall.

B. Enable and configure local call policy.

C. Enable and configure the Expressway-E firewall.

D. Configure the external firewall to block specific IPs.

The CEO added a sender to a safelist but does not receive an important message expected from the trusted sender. An engineer evaluates message tracking on a Cisco ESA and determines that the message was dropped by the antivirus engine. What is the reason for this behavior?

A. End-user safelists apply to antispam engines only.

B. The sender didn’t mark the message as urgent.

C. Administrative access is required to create a safelist.

D. The sender is included in an ISP blocklist.

Refer to the exhibit. When a user tries to sign in to the Cisco Jabber client through Mobile and Remote Access, they receive this error message: “Cannot communicate with the server.” The external DNS server is configured with the SRV records listed in the exhibit.
What is the cause of the issue?

A. The _sips DNS record must target expE-pub.cll-collab.internal and the _cisco-uds DNS record must be removed.

B. The collab-edge DNS record must be added to the DNS server and the _cisco-uds DNS record must be removed.

C. A Cisco CSF device must be configured in UC for the user and the _cisco-uds DNS record must be removed.

D. The HTTP allow list is not allowing communication with the Instant Message and Presence server.

Which describes what could done on the Expressway-E to successfully route calls from Expressway-C on the internal network to the Internet?

A. Application layer gateway could be enabled to bridge the media traffic.

B. A static NAT route could be added to the firewall to bridge the two networks.

C. The Expressway-E could be enabled for Dual-NIC capability.

D. The Expressway-E could be enabled for interworking.

Which Cisco ESA security service is configured only through an outgoing mail policy?

A. antivirus

B. DLP

C. Outbreak Filters

D. AMP

An engineer is configuring an SMTP authentication profile on a Cisco ESA which requires certificate verification.
Which section must be configured to accomplish this goal?

A. Mail Flow Policies

B. Sending Profiles

C. Outgoing Mail Policies

D. Verification Profiles

Users have been complaining of a higher volume of emails containing profanity. The network administrator will need to leverage dictionaries and create specific conditions to reduce the number of inappropriate emails.
Which two filters should be configured to address this? (Choose two.)

A. message

B. spam

C. VOF

D. sender group

E. content

Which antispam feature is utilized to give end users control to allow emails that are spam to be delivered to their inbox, overriding any spam verdict and action on the Cisco ESA?

A. end user allow list

B. end user spam quarantine access

C. end user passthrough list

D. end user safelist

An administrator needs to configure a Cisco ESA to verify that a specific mail server is authorized to send emails for a domain. To reduce overhead, the administrator does not want SSL type encryption or decryption to be used in this process. What must be configured on the Cisco ESA to meet this requirement?

A. DomainKeys Identified Mail

B. PKI signing keys

C. Asymmetric keys

D. Sender Policy Framework

Which two configurations are used on multiple LDAP servers to connect with Cisco ESA? (Choose two.)

A. load balancing

B. SLA monitor

C. active-standby

D. failover

E. active-active

Which protocol should be used to verify the connectivity for different media paths found during a call using ICE?

A. STUN

B. RTP

C. SNMP

D. TURN

Which dial plan component is configured in Expressway-C to route a call to the Cisco UCM?

A. call routing

B. traversal subzone

C. call policy

D. search rule

For a Mobile and Remote Access deployment, which server's certificate must include the Unified registration domain as a Subject Alternate Name?

A. Expressway-C server certificate

B. Cisco Unified Communications Manager server certificate

C. Expressway-E server certificate

D. Expressway-C and Expressway-E server certificate

How are Cisco Webex Video Mesh deployments supported?

A. Video Mesh Dual NIC are supported in demilitarized deployments.

B. Mixed Single NIC and Dual NIC are supported in the same data center deployments.

C. Clustering Video Mesh Nodes over the WAN are supported if Round Trip Time is low.

D. IPv6 and IPv4 deployments are supported for Video Mesh clusters.

When URL logging is configured on a Cisco ESA, which feature must be enabled first?

A. antivirus

B. antispam

C. virus outbreak filter

D. senderbase reputation filter

A company security policy requires that the finance department have an easy way to apply encryption to their outbound messages that contain sensitive data. Users must be able to flag the messages that require encryption versus a Cisco ESA scanning all messages and automatically encrypting via detection. Which action enables this capability?

A. Create an outgoing content filter with no conditions and with the Encrypt and Deliver Now action configured with [SECURE] in the Subject setting.

B. Create a DLP policy manager message action with encryption enabled and apply it to active DLP policies for outgoing mail.

C. Create an encryption profile with [SECURE] in the Subject setting and enable encryption on the mail flow policy.

D. Create an encryption profile and an outgoing content filter that includes [SECURE] within the Subject Header: Contains condition along with the Encrypt and Deliver Now action.

An administrator is deploying Cisco Expressways for Mobile and Remote Access. The registration domain is “example.com”, and the Expressway-E FQDN is “expe.example.com”. Cisco Jabber clients on the internet cannot discover services via DNS lookup. Which SRV records must be configured in the public DNS to allow Service Discovery?

A. _collab-edge._tls.example.com

B. _cisco-uds_tcp.expe.example.com

C. _cisco-uds_tcp.example.com

D. _collab-edge_tls.expe.example.com

An engineer must fix broken SSH tunnels between Expressway-C (192.168.10.5) and Expressway-E (192.168.20.5). The engineer is advised that the packet capture shows the required packets for the SSH tunnels leaving the Expressway-C but not reaching the Expressway-E. Which firewall configuration must the engineer allow to resolve this issue?

A. port 2222 from Expressway-E to Expressway-C

B. port 7001 from Expressway-C to Expressway-E

C. port 7001 from Expressway-E to Expressway-C

D. port 2222 from Expressway-C to Expressway-E

A company has deployed a new mandate that requires all emails sent externally from the Sales Department to be scanned by DLP for PCI-DSS compliance. A new DLP policy has been created on the Cisco ESA and needs to be assigned to a mail policy named ‘Sales’ that has yet to be created.
Which mail policy should be created to accomplish this task?

A. Outgoing Mail Policy

B. Preliminary Mail Policy

C. Incoming Mail Flow Policy

D. Outgoing Mail Flow Policy

Which two steps configure Forged Email Detection? (Choose two.)

A. Configure a content dictionary with executive email addresses.

B. Configure a filter to use the Forged Email Detection rule and dictionary.

C. Configure a filter to check the Header From value against the Forged Email Detection dictionary.

D. Enable Forged Email Detection on the Security Services page.

E. Configure a content dictionary with friendly names.

Which feature must be configured before an administrator can use the outbreak filter for nonviral threats?

A. quarantine threat level

B. antispam

C. data loss prevention

D. antivirus

Refer to the exhibit. An engineer needs to change the existing Forged Email Detection message filter so that it references a newly created dictionary named ‘Executives’.
What should be done to accomplish this task?

A. Change “from” to “Executives”.

B. Change “TEST” to “Executives”.

C. Change “fed” to “Executives”.

D. Change “support” to “Executives”.

Cisco media traversal technology has enabled a secure environment where internal video endpoints call and receive calls from external video endpoints. How does the Expressway-C and Expressway-E communicate?

A. Expressway-C establishes an outgoing request to Expressway-E, enabling the Expressway-E in the DMZ to notify the internal Expressway-C of an incoming call from an external endpoint.

B. Internal endpoints are registered to Expressway-E in the DMZ. Expressway-C, which is also in the DMZ, will receive and make calls on behalf of Expressway- E because they are in the same network.

C. Expressway-E establishes an outgoing request to Expressway-C, enabling the Expressway-C in the DMZ to notify the internal Expressway-E of an incoming call from an external endpoint.

D. Internal endpoints are registered to Expressway-C in the DMZ. Expressway-E, which is also in the DMZ, will receive and make calls on behalf of Expressway- C because they are in the same network.

An engineer is tasked with creating a content filter to catch attachments, including credit card numbers, and hold them for review until further action is taken. Which component on a Cisco ESA must be configured to meet this requirement?

A. Spam Quarantine

B. Outbreak Filter

C. Policy Quarantine

D. Content Filter

When configuring a Cisco Expressway solution and need to design the dial plan with various rules for URIs and numbers coming through the device. To do so, it is important that some dial plan rules are applied in a certain order. When configuring the transform section, you must know the range of the priorities.
Which range is correct?

A. any number in the drop-down menu

B. any number in the dialog box

C. any number between 1-128

D. any number between 1-65534

Within which cache timeline do the Webex App endpoints perform a STUN test to calculate round-trip delay time to available media node clusters?

A. 1 hour

B. 2 hours

C. 4 hours

D. 6 hours

A network administrator is modifying an outgoing mail policy to enable domain protection for the organization. A DNS entry is created that has the public key.
Which two headers will be used as matching criteria in the outgoing mail policy? (Choose two.)

A. message-ID

B. sender

C. URL reputation

D. from

E. mail-from

Refer to the exhibit. Which description of the transformation is true?

A. It converts 4123@exp-name.exp.domain: to 4123@exp.domain

B. It changes all patterns that begin with 4123@exp-name.exp.domain: to 1@exp.domain

C. It changes 413@exp-name.exp.domain: to 413@exp.domain

D. It converts 4.3@exp-name.exp.domain: to 1@exp.domain

When a Cisco Webex Video Mesh Node is configured for an organization, which process does the Webex Teams client use to discover the optimal bridging resource?

A. the lowest STUN round-trip delay to each node and cloud

B. a reachable Video Mesh Node and then overflows to the cloud, if needed

C. the SIP delay header during call setup

D. an HTTPS speed and latency test to each node and the cloud

A network administrator enabled McAfee antivirus scanning on a Cisco ESA and configured the virus scanning action of “scan for viruses only.” If the scanner finds a virus in an attachment for an incoming email, what action will be applied to this message?

A. The attachment is dropped and replaced with a “Removed Attachment” file.

B. The email and attachment are forwarded to the network administrator.

C. The system will attempt to repair the attachment.

D. No repair is attempted, and the attachment is either dropped or delivered.

Which attack is mitigated by using Bounce Verification?

A. spoof

B. denial of service

C. eavesdropping

D. smurf

Which two query types are available when an LDAP profile is configured? (Choose two.)

A. proxy consolidation

B. user

C. recursive

D. group

E. routing

Spreadsheets containing credit card numbers are being allowed to bypass the Cisco ESA.
Which outgoing mail policy feature should be configured to catch this content before it leaves the network?

A. file reputation filtering

B. outbreak filtering

C. data loss prevention

D. file analysis

Which type of query must be configured when setting up the Spam Quarantine while merging notifications?

A. Spam Quarantine Alias Routing Query

B. Spam Quarantine Alias Consolidation Query

C. Spam Quarantine Alias Authentication Query

D. Spam Quarantine Alias Masquerading Query

Refer to the exhibit showing logs from the Expressway-C, a copy of the Expressway-E certificate, and the UC traversal zone configuration for the Expressway-C.
An office administrator is deploying mobile and remote access and sees an issue with the UC traversal zone. The zone is showing `TLS negotiation failure`. What is causing this issue?

A. The Expressway-E certificate includes the Expressway-C FQDN as a SAN entry

B. The Expressway-C is missing the FQDN of Cisco UCM in the Common Name of its certificate

C. In the UC Traversal Zone on the Expressway-C, the peer address is set to the IP of the Expressway-E, which is not a SAN entry in the Expressway-E certificate

D. The Expressway-E does not have the FQDN of Cisco UCM listed as a SAN in its certificate

Which two components must be configured to perform DLP scanning? (Choose two.)

A. Add a DLP policy on the Incoming Mail Policy.

B. Add a DLP policy to the DLP Policy Manager.

C. Enable a DLP policy on the Outgoing Mail Policy.

D. Enable a DLP policy on the DLP Policy Customizations.

E. Add a DLP policy to the Outgoing Content Filter.

Which user management method uses the Webex Directory Connector to add and synchronize users to the Control Hub organization?

A. Synchronize from Active Directory.

B. Synchronize from Azure AD.

C. Synchronize from “Add using People API”.

D. Synchronize from Okta.

An administrator has been tasked to bulk entitle 200 existing users and ensure all future users are automatically configured for the Webex Hybrid Calendar
Service. Which two options should be used to configure these users? (Choose two.)

A. Export a CSV list of users in the Cisco Webex Control Hub, set the Hybrid Calendar Service to TRUE for users to be enabled, then import the file back to Manage Users menu in the Cisco Webex Control Hub.

B. Set up an Auto-Assign template that enables Hybrid Calendar.

C. Select the Hybrid Services settings card in the Cisco Webex Control Hub and import a User Status report that contains only users to be enabled.

D. On the Users tab in the Cisco Webex Control Hub, check the box next to each user who should be enabled, then click the toggle for the Hybrid Calendar service to turn it on.

E. From Cisco Webex Control Hub, verify the domain that your Hybrid Calendar users will use, which automatically activates them for the service.

DRAG DROP
-
Drag and drop the required SAN field items from the left onto the features within the server categories on the right.
 

Which global setting is configured under Cisco ESA Scan Behavior?

A. minimum attachment size to scan

B. attachment scanning timeout

C. actions for unscannable messages due to attachment type

D. minimum depth of attachment recursion to scan

When an Expressway-E is configured for static NAT, which Session Description Protocol attribute is modified to reflect the NAT address?

A. SDP b-line

B. SIP record route

C. SDP c-line

D. SDP m-line

An organization wants to enable a Cisco Webex connector to synchronize all employees automatically with Cisco Webex instead of using a manual list.
Where is the Webex Hybrid Directory Service configured?

A. Install Cisco Directory Connector on a Microsoft Windows Domain server and configure the software and Webex Control Hub.

B. Enable the directory service in Cisco Unified Communications Manager under Cisco Unified Serviceability and add the service in Webex Control Hub.

C. Enable the directory service on Cisco Expressway Edge for Office 365 or Cisco Expressway Core for internal Active Directory and add the service in Webex Control Hub.

D. Install the Cisco Express Connector and configure the device in Cisco Unified Communications Manager under Cisco Unified Serviceability and add the service in Webex Control Hub.

With QoS enabled, which two statements about the Cisco Webex Video Mesh Node signaling and media traffic are true? (Choose two.)

A. From VMN to CUCM SIP endpoints, the source UDP ports from 52500 to 62999 is used for audio traffic.

B. From VMN to Webex Teams clients, the source UDP port 5004 is used for video traffic.

C. From Webex cloud to VMN, the source UDP port 9000 is used for audio traffic.

D. From VMN to video endpoints, the destination UDP port 5004 is used for audio traffic.

E. From VMN to Webex cloud, the destination UDP port 9000 is used for video traffic.

Refer to the exhibit. Calls to locally registered endpoints are failing. At present, there are two endpoints registered locally to this Expressway. An H.323 endpoint with an alias of `EndpointA` is registered, and a SIP endpoint with an alias of `
EndpointB@pod1.local
` is also registered. How is this issue resolved?

A. The dialplan must be redesigned to use the transforms to convert the alias into SIP URI format and then use separate search rules for each format that needs to be dialed within the local zone.

B. The calls are failing because there are insufficient licenses. Additional licenses must be installed for the Expressway to route these calls.

C. The current search rule does not match the call, so the search rule must be modified to include a SIP Variant of ג€Standards-Basedג€.

D. Calling parties are placing calls with the wrong domain. End-users must be instructed not to use the pod1.local domain as that is owned by the local system. Calls to any other domain would work.