PrepAway - Latest Free Exam Questions & Answers


Which of the following can be detected by the Cisco ESA CASE? (Select 2 choices.)


A. snowshoe spam

B. phishing attacks

C. DDoS attacks

D. MAC spoofing attacks

E. DNS poisoning attacks

Explanation:
A Cisco Email Security Appliance (ESA) is designed to protect against email threats, such as malware attachments, phishing scams, and spam. The Cisco Context Adaptive Scanning Engine (CASE) on an ESA is a contextual analysis technology that is intended to detect email threats as they are received. CASE checks the reputation of email senders, scans the content of email messages, and analyzes the construction of email messages. As part of this process, CASE submits the email sender to the Cisco SenderBase Network, which contains data on hundreds of thousands of email networks. The sender is assigned a score based on this information. The content of the email message is scanned because it could contain language, links, or a call to action that is indicative of a phishing scam.

Snowshoe spammers establish many false company names and identities, often with unique post office addresses and telephone numbers, so that reputation filters do not perceive the source of the spam as a threat. In addition, the spam output is spread across multiple IP addresses and domain names in order to defeat blacklists.

Phishing is a social engineering technique in which a malicious person uses a seemingly legitimate electronic communication, such as email or a webpage, in an attempt to dupe a user into submitting personal information, such as a Social Security number (SSN), account login information, or financial information. To mitigate the effects of a phishing attack, users should use email clients and web browsers that provide phishing filters. In addition, users should be wary of any unsolicited email or web content that requests personal information. The CASE on a Cisco ESA appliance is capable of detecting phishing scams.

The Cisco ESA CASE does not protect against Distributed Denial of Service (DDoS) attacks. A DDoS attack is a coordinated Denial of Service (DoS) attack that uses multiple attackers to target a single host. For example, a large number of zombie hosts in a botnet could flood a target device with packets.

The Cisco ESA CASE does not protect against Media Access Control (MAC) spoofing attacks. A MAC spoofing attack uses the MAC address of another host on the network in order to bypass port security measures.

The Cisco ESA CASE does not protect against Domain Name System (DNS) poisoning attacks. DNS poisoning is an attack that modifies the DNS cache by providing invalid information. In a DNS poisoning attack, a malicious user attempts to exploit a DNS server by replacing the IP addresses of legitimate hosts with the IP address of one or more malicious hosts.


