Pass the Cisco CCNP Security 350-701 Questions and answers with CertsForce

https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf

Explanation

Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.

An example of DNS Tunneling is shown below:

The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNSnameserver (NS) and malicious payload.2. An IP address (e.g. 1.2.3.4) is allocated from the attacker’s infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.43. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,…).4. The payload initiates thousands of unique DNS record requests to the attacker’s domain with each string as

 To configure the Cisco ASA via ASDM for SNMPv3, the administrator needs to perform two main tasks: specify an SNMP user group and add an SNMP USM entry. An SNMP user group defines the access level and security model for a group of SNMP users. An SNMP USM entry defines the authentication and encryption parameters for a specific SNMP user. These two tasks are required for SNMPv3 because it uses a user-based security model (USM) that provides secure access to the MIB objects. SNMPv3 does not use a community string, which is a shared password used by SNMPv1 and SNMPv2c. The SNMP manager and UDP port are optional parameters that can be specified to customize the SNMP communication. The SNMP host access entry is also optional and can be used to restrict the access of SNMP hosts to specific interfaces or networks. References :=

Some possible references are:

SNMP Configuration, Verification and Troubleshooting on ASA

How to configure SNMP v3 on Cisco Switch, Router, ASA, Nexus

SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Explanation

Explanation

When supporting personal devices on a corporate network, you must protect network services and enterprise

data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE

provides the tools you need to allow employees to securely use personal devices on a corporate network.

Guests can add their personal devices to the network by running the native supplicant provisioning (Network

Setup Assistant), or by adding their devices to the My Devices portal.

Because native supplicant profiles are not available for all devices, users can use the My Devices portal to add

these devices manually; or you can configure Bring Your Own Device (BYOD) rules to register these devices.

A passphrase is a type of protection that encrypts RSA keys when they are exported and imported. A passphrase is a sequence of characters that the user enters to decrypt the key. The passphrase acts as a symmetric key that is used to encrypt and decrypt the RSA key with a symmetric algorithm, such as AES. This way, the RSA key is protected from unauthorized access or tampering when it is transferred or stored. A passphrase can also provide additional security by adding entropy to the RSA key generation process. A file, NGE, and nonexportable are not types of protection that encrypt RSA keys when they are exported and imported. A file is a container that stores the RSA key, but does not encrypt it. NGE stands for Next Generation Encryption, which is a set of cryptographic standards and algorithms that Cisco recommends, but it is not a specific type of protection. Nonexportable is a property that prevents the RSA key from being exported at all, but it does not encrypt it. References: RSA/Schannel Key BLOBs, Common Encryption Types, Protocols and Algorithms Explained, Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (Module 5: Implementing Secure Communications with VPNs, Lesson 5.1: Implementing Site-to-Site VPNs, Topic 5.1.2: Implementing Site-to-Site VPNs with Pre-Shared Keys)

Explanation

Explanation

Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and

scalability needs.

Cisco FMC is assigned the role of a client in the pxGrid ecosystem. A client is a partner that subscribes to the contextual data published by other partners or by ISE. A client can also publish its own data, but it does not have to. A client can use the contextual data to enforce security policies, perform threat analysis, or provide visibility. Cisco FMC can subscribe to various topics from ISE or other partners, such as user identity, session directory, endpoint profile, SGT mapping, threat events, or vulnerability assessment. Cisco FMC can also publish its own threat events to ISE or other partners. Cisco FMC can use the contextual data to apply access control rules, correlation policies, or network discovery policies based on the attributes of the users, endpoints, or sessions12.

The other options are not correct because they are not the roles assigned for Cisco FMC. A server is a partner that publishes contextual data to other partners or to ISE. A server can also subscribe to data, but it does not have to. A server can provide valuable information about the network, such as device inventory, configuration, or compliance. An example of a server is Cisco Prime Infrastructure3. A controller is the core component of the pxGrid ecosystem that manages the communication, authentication, and authorization between the partners. The controller is always ISE, and it is responsible for creating and maintaining the pxGrid domain, distributing the certificates, and facilitating the data exchange4. A publisher is a partner that publishes contextual data to other partners or to ISE, but does not subscribe to any data. A publisher can provide useful information about the network, such as security events, alerts, or incidents. An example of a publisher is Cisco Stealthwatch. References :=

Integrate FMC with ISE using pxGrid | Blue Network Security

How To: Integrate Firepower Management Center (FMC) 6 … - Cisco Community

Cisco Prime Infrastructure and ISE pxGrid Integration - Cisco

pxGrid Overview - Cisco

[Cisco Stealthwatch and ISE pxGrid Integration - Cisco]

Explanation

In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information – and craft a fake email tailored for that person.

Explanation

Protect sensitive content in outgoing emails with Data Loss Prevention (DLP) and easy-to-use email

encryption, all in one solution.

Cisco Email Security appliance can now handle incoming mail connections and incoming messages from

specific geolocations and perform appropriate actions on them, for example:

– Prevent email threats coming from specific geographic regions.

– Allow or disallow emails coming from specific geographic regions.

Flood attacks are a type of denial-of-service (DoS) attacks that aim to saturate the bandwidth or resources of a target by sending a large number of packets or requests. Flood attacks can be classified into different categories based on the protocol or layer they target, such as ICMP, UDP, TCP SYN, HTTP, DNS, etc. Flood attacks can also be distributed (DDoS) if they involve multiple sources of attack traffic, such as compromised devices or servers123. References := 1: Denial of Service - OWASP Cheat Sheet Series 2: What is a denial-of-service (DoS) attack? | Cloudflare 3: Types of DOS attacks - GeeksforGeeks

Explanation

Explanation

The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide the following major functions:

…

– Delays the export of flow-create events.