Pass the Cisco CCNP Security 350-701 Questions and answers with ValidTests

 Mobile Device Management (MDM) is a solution that allows an organization to manage, monitor, and secure mobile devices such as smartphones, tablets, and laptops. MDM provides two main advantages to an organization with regards to device management:

Asset inventory management: MDM helps an organization keep track of all the mobile devices that are connected to its network, including their location, status, configuration, and usage. MDM also enables an organization to remotely wipe or lock devices that are lost, stolen, or compromised, preventing data loss and unauthorized access. Asset inventory management helps an organization optimize its resources, reduce costs, and comply with regulations12.

Allowed application management: MDM allows an organization to control what applications can be installed and run on the mobile devices, as well as how they can access and share data. MDM can also push updates and patches to the devices, ensuring that they are always running the latest and most secure versions of the applications. Allowed application management helps an organization enhance security, productivity, and performance of the mobile devices34.

 1: 7 Advantages and Disadvantages of Mobile Device Management [2024] 2: 5 Benefits of Mobile Device Management - ESET 3: Top 10 Benefits of Mobile Device Management (MDM) - TechFunnel 4: Benefits of Mobile Device Management (MDM) for Businesses

Cisco AMP for Endpoints is a solution that enables protection, detection, and response on the endpoint against known and unknown threats. It provides continuous visibility and analysis of endpoint activity, as well as automated threat prevention and response capabilities. It leverages cloud-based intelligence, sandboxing, and machine learning to block malware, fileless attacks, ransomware, and other advanced threats. It also allows security teams to quickly investigate and remediate incidents, as well as hunt for indicators of compromise across all endpoints. Cisco AMP for Endpoints is part of the Cisco SecureX platform, which integrates with other Cisco security solutions to provide a unified and simplified security experience. The other options are not correct because they do not offer the same level of endpoint protection, detection, and response as Cisco AMP for Endpoints. Cisco AnyConnect is a VPN solution that provides secure access to the network for remote workers, but it does not monitor or respond to endpoint threats. Cisco Umbrella is a DNS security solution that blocks malicious domains, IPs, and URLs, but it does not analyze or remediate endpoint activity. Cisco Duo is a multi-factor authentication solution that verifies the identity of users and devices, but it does not protect or detect endpoint attacks. References :=

Some possible references are:

Cisco AMP for Endpoints

Cisco SecureX

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 - Module 5: Endpoint Protection and Detection

 NetFlow is a protocol that collects and exports information about network traffic flows. NetFlow Version 9 is the latest version supported by the Cisco ASA 5500 Series firewall. To enable NetFlow on the ASA, you need to perform two main tasks: define a NetFlow collector and apply NetFlow exporter to an interface. A NetFlow collector is a device or application that receives and processes the NetFlow records sent by the ASA. You can define a NetFlow collector by using the flow-export command, which specifies the IP address, port number, and interface of the collector. A NetFlow exporter is a configuration that determines which traffic flows are monitored and exported by the ASA. You can apply NetFlow exporter to an interface by using the Modular Policy Framework (MPF), which allows you to create class maps and policy maps to match and act on interesting traffic. You can use the flow-export event-type option in the policy map to select the NetFlow events that you want to export. The other options (B, C, and D) are not required or correct for enabling NetFlow on the ASA. You do not need to create an ACL to allow UDP traffic on port 9996, because the ASA uses a random high port number to send NetFlow records to the collector. You do not need to apply NetFlow exporter to the outside interface in the inbound direction, because you can apply it to any interface and direction that you want to monitor. You do not need to create a class map to match interesting traffic, because the ASA monitors all traffic flows by default, unless you filter them by using the flow-export filters command. References:

Cisco Secure Firewall ASA NetFlow Implementation Guide, section “About NSEL”

Cisco Secure Firewall ASA NetFlow Implementation Guide, section “Configure NSEL Collectors (CLI)”

Cisco Secure Firewall ASA NetFlow Implementation Guide, section “Configure Flow-Export Actions Through Modular Policy Framework”

Configuring NetFlow on ASA with ASDM, section “Enabling NetFlow on ASA”

Explanation

The data plane of any network is responsible for handling data packets that are transported across the network.

(The data plane is also sometimes called the forwarding plane.)

Maybe this Qwants to ask about the encryption and authentication in the data plane of a SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?).

In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetrickey algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.

Endpoint security is the process of protecting devices like workstations, servers, and other devices from malicious threats and cyberattacks. Endpoint security enables businesses to secure endpoints that employees use for work purposes or servers that are either on a network or in the cloud. Endpoint security is important because every device that connects to the corporate network is a potential vulnerability, providing a possible entry point for cyber criminals. Therefore, every device an employee uses to connect to any business system or resource carries the risk of becoming the chosen route for hacking into an organization. These devices can be exploited by malware that could leak or steal sensitive data from the business12.

One of the benefits of endpoint security is that it allows the organization to detect and mitigate threats that the perimeter security devices do not detect. Perimeter security devices, such as firewalls and intrusion prevention systems, are designed to protect the network from external attacks. However, they may not be able to prevent or detect attacks that originate from within the network, such as insider threats, compromised devices, or lateral movement. Endpoint security solutions can provide visibility and control over the devices that connect to the network, and can monitor, analyze, and respond to suspicious or malicious activities on the endpoints. Endpoint security solutions can also leverage threat intelligence and advanced analytics to identify and block known and unknown threats, such as ransomware, zero-day exploits, and targeted attacks13. References := 1: What is Endpoint Security? How Does It Work? | Fortinet 2: Microsoft Defender for Endpoint | Microsoft Security 3: Endpoint Security - Check Point Software

PFS stands for Perfect Forward Secrecy, which is a property of some cryptographic protocols that ensures that the compromise of a long-term key does not affect the security of past or future sessions. PFS provides the highest level of protection against brute-force attacks, because even if an attacker manages to break the long-term key, they cannot decrypt the previous or subsequent communications that use different session keys. PFS is achieved by using ephemeral or temporary keys that are derived from a Diffie-Hellman key exchange, and are not based on the long-term key. Therefore, each session has a unique and independent key that is not stored or reused. PFS is supported by some protocols such as TLS, SSH, and IPsec123. References := 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing Networks with Cisco Firepower Next Generation IPS, Lesson 4.1: Deploying Cisco Firepower Next-Generation IPS, Topic 4.1.2: Cisco Firepower NGIPS Device Management 2: What is Perfect Forward Secrecy? | Baeldung on Computer Science4 3: Perfect Forward Secrecy - an overview | ScienceDirect Topics5

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. This means that the ASA acts as a proxy between the Cisco IP Phone and the Cisco Unified Communications Manager (UCM), decrypting, inspecting, and re-encrypting the voice signaling traffic. To do this, the ASA needs to have the certificates of the devices that the phone trusts, such as the UCM servers and the TFTP servers. These certificates are stored in a Certificate Trust List (CTL) file that the phone downloads from the UCM before registration. Therefore, the ASA must be added to the CTL file on the UCM platform, so that the phone can verify the identity of the ASA as a proxy. The other options are not relevant for this scenario. The Endpoint Trust List is a list of certificates that the UCM trusts for encrypted endpoints. The Enterprise Proxy Service is a feature that allows the UCM to route calls to and from the public switched telephone network (PSTN) through a SIP proxy server. The Secured Collaboration Proxy is a feature that allows the UCM to encrypt the media streams between endpoints using Secure Real-Time Transport Protocol (SRTP). References :=

Cisco Secure Firewall ASA Unified Communications Guide - TLS Proxy for Encrypted Voice Inspection

TLS Proxy for Encrypted Voice Inspection - Cisco

Where must the ASA be added on the Cisco UC Manager platform?

Explanation

Explanation

The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:

+ Shell code execution: Looks for the patterns used by shell code.

+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.

+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts.

Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.

+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).

+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login

methods.

+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.

+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is

accessed by which user.

+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.

The difference between GRE over IPsec and IPsec with crypto map is that GRE (Generic Routing Encapsulation) over IPsec can encapsulate and transport non-IP protocols across an IP network, whereas IPsec with crypto map is typically used for IP traffic. GRE tunnels wrapped in IPsec provide a way to transport multicast traffic and other protocol types across an IPsec VPN, offering greater flexibility in the types of traffic that can be secured.

MDM stands for Mobile Device Management, which is a system that performs compliance checks and remote wiping on mobile devices. MDM allows administrators to enforce security policies, monitor device status, and remotely manage devices in case of loss, theft, or compromise. MDM can also integrate with other Cisco security solutions, such as ISE, AMP, and Umbrella, to provide enhanced protection and visibility for mobile devices. References:

Mobile Device Management (MDM) - Cisco

Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 5: Secure Network Access

two-factor authentication. Two-factor authentication (2FA) is a security measure that requires users to provide two pieces of evidence to verify their identity before accessing SaaS-based applications1. These pieces of evidence can be something the user knows (such as a password or a PIN), something the user has (such as a smartphone or a token), or something the user is (such as a fingerprint or a face scan)1. 2FA enhances the security of SaaS-based applications by making it harder for attackers to compromise login credentials and gain unauthorized access to sensitive data and resources2. The other options are not correct because they are not sufficient to secure SaaS-based applications. Modular policy framework (MPF) is a feature of Cisco ASA that allows administrators to create and apply security policies to traffic flows3. However, MPF alone cannot protect SaaS-based applications from web-based threats or data breaches. Application security gateway (ASG) is a device that provides firewall, intrusion prevention, and content filtering services for web applications4. However, ASG cannot prevent credential theft or account takeover attacks that target SaaS-based applications. End-to-end encryption (E2EE) is a method of encrypting data in transit and at rest, so that only the sender and the receiver can decrypt it. However, E2EE cannot prevent unauthorized access to SaaS-based applications if the encryption keys are compromised or stolen. References:

1: What is Two-Factor Authentication (2FA)?

2: How to Secure Your SaaS Applications

3: Modular Policy Framework Overview

4: What is an Application Security Gateway?

: What is End-to-End Encryption?

Explanation

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.