Which of the following tasks does CASE on an ESA not perform when detecting a possible threat? (Select the
best answer.)
A.
checking the reputation of the email sender
B.
scanning the content of the email message
C.
analyzing the email message’s call to action
D.
analyzing how the message is constructed
E.
checking the reputation of the email receiver
Explanation:
The Cisco Context Adaptive Scanning Engine (CASE) on an Email Security Appliance (ESA) does not check
the reputation of the email receiver when detecting a possible threat. CASE is a technology that is intended to
detect email threats as they are received.
CASE check the reputation of an email sender. As part of this process, CASE submits the email sender to the
Cisco SenderBase Network, which contains data on hundreds of thousands of email networks. The sender is
assigned a score based on this information.
CASE scans the content of the email message, including the message’s call to action. The content of the email
messaging could contain language, links, or a call to action that is indicative of a phishing scam.
CASE analyzes how the message is constructed. For example, the message might be constructed in such away so that it appears to be from a given type of email client. An email message that appears to be from a
Microsoft Outlook client might not actually have been sent by using Microsoft Outlook.Cisco: Secure solutions for advanced email threats (PDF)
Cisco: User Guide for AsyncOS 11.0 for Cisco Email Security Appliances: Context Adaptive Scanning Engine