Pass the Cisco CCNP Security 350-701 Questions and answers with CertsForce

Explanation

Explanation

Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL). This module identifies and describes concepts that are needed to understand, plan for, and implement a PKI.

A PKI is composed of the following entities: …

– A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs)

Cisco Umbrella and Cisco Duo Security are two solutions that help combat social engineering and phishing at the endpoint level. Cisco Umbrella is a cloud-based security platform that provides DNS-layer security, web filtering, and threat intelligence to protect users from malicious websites and domains. Cisco Duo Security is a multi-factor authentication (MFA) solution that verifies the identity of users and the health of their devices before granting access to applications. Both solutions help prevent attackers from compromising endpoints and stealing credentials or data through phishing or other social engineering techniques. References:

Cisco Umbrella

Cisco Duo Security

Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 3: Cloud and Content Security

 PAC files are scripts that tell web browsers how to use proxies on the network. They use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host, based on criteria such as the destination URL, the source IP address, or the network subnet12. The WSA can host PAC files on port 9001 by default, and this port can be changed in the PAC file hosting settings2. If the WSA host port is changed, the default port does not redirect web traffic to the correct port automatically; the browser needs to point to the new port in the PAC file URL2. The WSA does not host PAC files on port 6001 by default2. PAC files do not direct traffic through a proxy when the PC and the host are on the same subnet by default; this behavior depends on the PAC file logic12. References:

PAC file format

PAC file hosting on WSA

A mobile device management (MDM) solution is a software tool that helps organizations manage, secure, and monitor mobile devices such as smartphones, tablets, and laptops. Some of the benefits of using an MDM solution are:

A. grants administrators a way to remotely wipe a lost or stolen device: This feature allows administrators to erase all the data and settings on a device that is lost or stolen, preventing unauthorized access to sensitive information. This can also help comply with data protection regulations and policies12

E. allows for centralized management of endpoint device applications and configurations: This feature enables administrators to control the applications and settings on the devices, such as enforcing security policies, installing or updating software, configuring network access, and restricting device features. This can help improve productivity, performance, and compliance of the devices13

Other benefits of using an MDM solution are:

B. provides simple and streamlined login experience for multiple applications and users: This feature allows users to access multiple applications and services with a single sign-on (SSO) or multi-factor authentication (MFA) mechanism, reducing the hassle of remembering and entering multiple credentials. This can also enhance security and user satisfaction4

C. native integration that helps secure applications across multiple cloud platforms or on-premises environments: This feature allows applications to leverage the native security features of the devices, such as encryption, biometric authentication, and device attestation. This can also help protect the applications from malware, tampering, and data breaches across different environments.

D. encrypts data that is stored on endpoints: This feature allows data to be encrypted at rest and in transit on the devices, preventing unauthorized access or interception of the data. This can also help comply with data protection regulations and policies.

References := 1: Mobile Device Management (MDM): What is MDM & why do Businesses need it? - Business Tech Weekly 2: Top 10 Benefits of Mobile Device Management (MDM) - TechFunnel 3: What are the Benefits of Mobile Device Management? - knowledgenile 4: Mobile Device Management (MDM) - Cisco : Mobile Application Management (MAM) - Cisco : Mobile Device Security - Cisco

Explanation

Explanation

A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only

supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.

Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.

You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.

Explanation

Cisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations – before a connection is ever made. Thus it can protect from phishing attacks by blocking suspicious domains when users click on the given links that an attacker sent. Cisco Umbrella roaming protects your employees even when they are off the VPN.

MDM stands for Mobile Device Management, which is a system that performs compliance checks and remote wiping on mobile devices. MDM allows administrators to enforce security policies, monitor device status, and remotely manage devices in case of loss, theft, or compromise. MDM can also integrate with other Cisco security solutions, such as ISE, AMP, and Umbrella, to provide enhanced protection and visibility for mobile devices. References:

Mobile Device Management (MDM) - Cisco

Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 5: Secure Network Access

Cisco CloudLock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. CloudLock’s simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem. With CloudLock you can more easily combat data breaches while meeting compliance regulations1.

Cisco CloudLock provides the following features that meet the requirements of visibility into data transfers as well as protection against data exfiltration:

User security: Cloudlock uses advanced machine learning algorithms to detect anomalies based on multiple factors. It also identifies activities outside allowed countries and spots actions that seem to take place at impossible speeds across distances1.

Data security: Cloudlock’s data loss prevention (DLP) technology continuously monitors cloud environments to detect and secure sensitive information. It provides countless out-of-the-box policies as well as highly tunable custom policies. It also supports inline and out-of-band data inspection and blocking capabilities to protect sensitive data12.

App security: The Cloudlock Apps Firewall discovers and controls cloud apps connected to your corporate environment. You can see a crowd-sourced Community Trust Rating for individual apps, and you can ban or allowlist them based on risk1.

The other solutions do not provide the same level of visibility and protection as Cisco CloudLock:

Cisco Umbrella is a cloud-delivered network security service that provides DNS-layer security, secure web gateway, cloud-delivered firewall, cloud access security broker, and threat intelligence3. It does not offer data security features such as DLP, data inspection, and data blocking4.

Cisco AppDynamics Cloud Monitoring is a cloud-native application performance management solution that helps you monitor, troubleshoot, and optimize your cloud applications. It does not offer user security, data security, or app security features as a CASB solution.

Cisco Stealthwatch is a network traffic analysis solution that provides visibility and threat detection across your network, endpoints, and cloud. It does not offer data security features such as DLP, data inspection, and data blocking.

 3: Cisco Umbrella Packages - Cisco Umbrella 1: Cisco Cloudlock - Cisco 2: Cisco Cloudlock Cisco Cloudlock: Secure Cloud Data 4: Easy to Deploy & Simple to Manage CASB Solution - Cisco Umbrella : Cisco AppDynamics Cloud Monitoring : Cisco Stealthwatch - Cisco

REST stands for Representational State Transfer, which is an architectural style for designing web services. RESTful web services use HTTP as the application protocol and support the standard HTTP methods, such as GET, PUT, POST, and DELETE, to perform CRUD (Create, Read, Update, Delete) operations on resources. Cisco DNA Center exposes its functionality through a set of RESTful APIs that allow external applications to interact with the network controller and automate various tasks. The RESTful architecture used within Cisco DNA Center has the following characteristics12:

It is simple, extensible, and secure to use. The APIs are based on open standards and use JSON as the data format. The APIs also support HTTPS for secure communication and authentication.

It is stateless, meaning that each request contains all the information necessary to process it, and the server does not store any session or client state. This improves scalability and performance of the web services.

It is resource-oriented, meaning that each API endpoint represents a logical entity or a resource that can be manipulated by the HTTP methods. For example, the /dna/intent/api/v1/network-device endpoint represents the network devices resource, and the GET method can be used to retrieve the list of network devices from Cisco DNA Center.

It is uniform, meaning that the same interface and conventions are used across all the APIs. For example, the APIs use the same authentication mechanism, error handling, pagination, filtering, and sorting parameters. References:

1: Introduction to Cisco DNA Center REST APIs - Cisco DevNet Learning Labs

2: Cisco DNA Center Platform User Guide, Release 2.2.3

Cisco Identity Services Engine (ISE) uses various probes to collect attributes of connected endpoints, such as device type, operating system, IP address, MAC address, and so on. These attributes are used to profile the endpoints and assign them to appropriate identity groups and policies. Two of the probes that can be configured to gather attributes of connected endpoints using Cisco ISE are RADIUS and DHCP.

RADIUS probe: The RADIUS probe collects attributes from the RADIUS packets that are exchanged between the network access devices (NADs) and the ISE Policy Service Nodes (PSNs) during the authentication and authorization process. The RADIUS probe can extract attributes such as username, calling-station-ID, NAS-IP-address, NAS-port-type, service-type, and so on. The RADIUS probe can also collect attributes from the RADIUS accounting packets that are sent by the NADs to the ISE PSNs after the session is established. The RADIUS probe can extract attributes such as session-ID, framed-IP-address, acct-session-time, and so on. The RADIUS probe is enabled by default and does not require any additional configuration on the NADs or the ISE PSNs.

DHCP probe: The DHCP probe collects attributes from the DHCP packets that are exchanged between the endpoints and the DHCP server during the IP address assignment process. The DHCP probe can extract attributes such as hostname, vendor-class-identifier, client-identifier, parameter-request-list, and so on. The DHCP probe can also collect attributes from the DHCP relay packets that are forwarded by the NADs to the ISE PSNs. The DHCP probe can extract attributes such as relay-agent-information and subscriber-ID. The DHCP probe requires some configuration on the NADs and the ISE PSNs. The NADs must be configured to relay or copy the DHCP packets to the ISE PSNs, and the ISE PSNs must be configured to receive the DHCP packets on a specific interface.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_assetvisibility_endpointprofiler.html

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_00.html

Cisco FTDv is a virtual appliance that combines the features of Cisco ASA and Cisco Firepower NGIPS. It provides stateful firewall, IPS, URL filtering, malware protection, and other advanced security functions. Cisco ASAv is a virtual appliance that only provides stateful firewall and VPN features. It does not support URL filtering or other Firepower functions. Therefore, Cisco FTDv provides more features than ASAv, especially for next-generation firewall capabilities. References :=

Cisco Firewall in AWS - Should i use ASAv or FTDv/FMCv?

Difference between Cisco ASAv, NGIPSv and FTDv…?

Are there any differences in features between Cisco ASA hardware …

Full Context Awareness - policy enforcement

NGIPS - threat prevention

AMP - real-time

Collective Sec Intel - Detection, blocking an remediation

Explanation

Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash,

destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered,

and 84 including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented

Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before

transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

Contextual awareness is the ability to collect and analyze information about the network environment, such as users, devices, applications, threats, and vulnerabilities, and use it to enhance security policies and actions. Cisco Firepower is a network security device that supports contextual awareness by providing real-time visibility into network traffic and activity, security intelligence from Cisco Talos and other sources, and advanced threat protection with Cisco AMP and sandboxing. Cisco Firepower can also leverage Cisco pxGrid to share contextual data with other security solutions, such as SIEM and TD platforms, to enable faster and more accurate threat detection and response123 References := 1: Cisco Firepower NGIPS Data Sheet - Cisco 2: Cisco Identity Services Engine with Integrated Security Information and Event Management and Threat Defense Platforms At-a-Glance - Cisco 3: A Visibility-Driven Approach to Next-Generation Firewalls