Which two steps configure Forged Email Detection? (Choose two.)

Which two steps configure Forged Email Detection? (Choose two.)
A . Configure a content dictionary with executive email addresses.
B . Configure a filter to use the Forged Email Detection rule and dictionary.
C . Configure a filter to check the Header From value against the Forged Email Detection dictionary.
D . Enable Forged Email Detection on the Security Services page.
E . Configure a content dictionary with friendly names.

View Answer

Answer: BE

Explanation:

Forged Email Detection is a feature that allows Cisco ESA to detect and block messages that spoof the display names of internal senders in the From header, such as executives or managers, to trick recipients into opening malicious or fraudulent emails.

To configure this feature, two steps are required:

Configure a content dictionary with friendly names of internal senders that should not appear in the From header of external messages, such as Alpha Beta or John Smith.

Configure a filter to use the Forged Email Detection rule and dictionary, which will compare the display name in the From header of incoming messages with the entries in the content dictionary, and apply the configured action if a match is found.

Reference: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 9-8.