Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 579
The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages containing the string "abcde1111111111" are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply?
Answer options
- A. Implement a policy to only allow email from trusted to the network senders.
- B. Apply a policy to route all blocked emails to a separate quarantine folder.
- C. Configure sender domain reputation policy to check if sender email domain is known to be malicious.
- D. Configure a policy to disable spam filtering in order to expedite email delivery.
Correct answer: B
Explanation
The correct answer is B because routing blocked emails to a quarantine folder lets the security team review and analyze them without risking further exposure to potential threats. Option A does not directly address the investigation of the blocked emails, option C is more about proactive measures than analyzing the current blocks, and option D would increase risk by allowing potentially harmful emails to be delivered.