An engineer is configuring a Cisco Email Security Appliance (ESA) and chooses "Preferred" as the setting for TLS on a HAT Mail Flow Policy. Which result occurs?
A. TLS is allowed for outgoing connections to MTAs. Connections to the listener require encrypted Simple Mail Transfer Protocol conversations.
B. TLS is allowed for incoming connections to the listener from MTAs, even after a STARTTLS command is received.
C. TLS is allowed for incoming connections to the listener from MTAs. Until a STARTTLS command is received, the ESA responds with an error message to every command other than No Option, EHLO, or QUIT.
D. TLS is allowed for outgoing connections to the listener from MTAs. Until a STARTTLS command is received, the ESA responds with an error message to every command other than No Option (NOOP), EHLO, or QUIT.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118954-config-esa-00.html
Preferred:
TLS is allowed for incoming connections to the listener from Message Transfer Agents (MTAs).
Required:
TLS is allowed for incoming connections to the listener from MTAs, and until a STARTTLS
command is received, the ESA responds with an error message to every command other than
No Option (NOOP), EHLO, or QUIT.
As you stated, B is the correct answer.
The first three lines of your answer imply answer C. Answer B and C are similar.
TLS is allowed for incoming connections to the listener from MTAs, and until
a STARTTLS command is received, the appliance responds with an error message
to every command other than NOOP, EHLO, or QUIT.
B
Preferred: TLS is allowed for incoming connections to the listener from MTAs.
Required: TLS is allowed for incoming connections to the listener from MTAs, and until
a STARTTLS command is received, the appliance responds with an error message
to every command other than NOOP, EHLO, or QUIT. This behavior is specified
by RFC 3207, which defines the SMTP Service Extension for Secure SMTP
over Transport Layer Security. “Requiring” TLS means that email which the
sender is not willing to encrypt with TLS will be refused by the appliance before
it is sent, thereby preventing it from being transmitted in the clear.
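
The difference between the two settings quoted in this thread can be seen by replaying the same SMTP dialogue against each. The following is an added example, not part of the thread and not Cisco code: a simplified model of the listener's command gate, in which `TlsPolicy`, `run_session`, `accepts_cleartext_mail` and the sample dialogues are assumptions made for illustration, and the TLS handshake is assumed to succeed.

```python
from enum import Enum

class TlsPolicy(Enum):
    PREFERRED = "preferred"
    REQUIRED = "required"

# Commands the quoted text and RFC 3207 allow before TLS is up when TLS is
# required; STARTTLS itself must also pass so the client can upgrade.
PRE_TLS_ALLOWED = {"NOOP", "EHLO", "QUIT", "STARTTLS"}

def run_session(policy, commands):
    """Replay SMTP command lines; return [(verb, reply_code, encrypted)]."""
    encrypted = False
    replies = []
    for line in commands:
        verb = line.split()[0].upper()
        if policy is TlsPolicy.REQUIRED and not encrypted and verb not in PRE_TLS_ALLOWED:
            code = 530  # RFC 3207: "Must issue a STARTTLS command first"
        elif verb == "STARTTLS":
            if encrypted:
                code = 503  # modelling choice: reject a second STARTTLS
            else:
                code, encrypted = 220, True  # handshake assumed to succeed
        elif verb == "DATA":
            code = 354
        elif verb == "QUIT":
            code = 221
        else:
            code = 250
        replies.append((verb, code, encrypted))
        if verb == "QUIT":
            break
    return replies

def accepts_cleartext_mail(policy, commands):
    """True if the listener accepted MAIL FROM on an unencrypted session."""
    return any(v == "MAIL" and c == 250 and not enc
               for v, c, enc in run_session(policy, commands))

# Constructed dialogues (addresses are placeholders).
CLEARTEXT = ["EHLO sender.example", "MAIL FROM:<a@sender.example>",
             "RCPT TO:<b@rcpt.example>", "DATA", "QUIT"]
UPGRADED = ["EHLO sender.example", "STARTTLS", "EHLO sender.example",
            "MAIL FROM:<a@sender.example>", "RCPT TO:<b@rcpt.example>", "DATA", "QUIT"]

if __name__ == "__main__":
    for policy in TlsPolicy:
        for name, dialogue in (("cleartext", CLEARTEXT), ("upgraded", UPGRADED)):
            print(policy.value, name, [c for _, c, _ in run_session(policy, dialogue)])
```

In this model, "Preferred" accepts the cleartext dialogue unchanged, while "Required" answers 530 to MAIL, RCPT and DATA until STARTTLS has been issued.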