300-740 Exam Dumps - Cisco CCNP Security Questions and Answers

The provided JSON-like policy structure shows a segmentation rule with action "BLOCK" and filters referencing the HTTPS Consumer and HTTPS Provider. However, to block HTTP, you must define the protocol explicitly in the parameters. The attribute “l4_params” is currently empty. According to Cisco Secure Workload best practices (SCAZT Section 4: Application and Data Security, Pages 88–91), Layer 4 parameters (l4_params) must be used to specify protocols such as HTTP or port 80. Without defining HTTP here, the policy does not apply to HTTP traffic.

Based on the alert of “Geographically Unusual Remote Access” from Secure Cloud Analytics and the SSH logs from foreign IPs, this device (linux-gcp-east-4c) has likely been compromised. According to SCAZT Section 6: Threat Response (Pages 114–117):

B: Isolating/quarantining the host is an immediate incident response step to prevent lateral movement and data exfiltration.

E: A firewall rule blocking inbound SSH to the GCP VM from external sources would be the appropriate access control response to prevent recurrence.

Options A and C (reinstallation) may be used later during recovery but are not immediate containment steps. Blocking outgoing SSH (Option D) is less relevant than restricting inbound SSH in this scenario.

The policy includes three rules under the Apps scope. Rule #1 allows HR to communicate with IT on TCP port 23 (Telnet), but it is marked as “Default.” Rule #2 denies the same HR-to-IT Telnet traffic and is marked as “Absolute,” which takes precedence over any default rule. In Cisco Secure Workload (Tetration), an “Absolute” rule will override both “Default” and inherited rules. Therefore, even though there’s an allow in Rule #1, the deny in Rule #2 prevents HR from using Telnet to connect to IT.

According to the SCAZT documentation, web application firewalls (WAFs) designed to protect against zero-day Distributed Denial of Service (DDoS) attacks leverage adaptive and behavioral-based algorithms. These algorithms dynamically analyze traffic patterns, baseline normal behavior, and detect anomalies that could indicate novel or zero-day attacks. Unlike signature-based detection, adaptive and behavioral methods adjust in real-time to emerging threats, learning from ongoing traffic without relying on pre-defined rules. This proactive approach enables rapid detection and mitigation of unknown DDoS vectors, critical for cloud and network security where threats evolve constantly.

Cisco Telemetry Broker (CTB) is designed to act as an intermediary that filters, enriches, and routes telemetry data—such as NetFlow, Syslog, and SNMP—across various tools. It optimizes resource usage by preventing overload and ensures only relevant telemetry is forwarded to appropriate analytics platforms.

The SCAZT guide (Section 5: Visibility and Assurance, Pages 93–95) describes CTB’s role in applying filters and transformations to raw telemetry data to enhance visibility and reduce noise.

Rule 3 allows all traffic (including SSH) from 10.1.0.0/30 during the hours of 18:00–08:00, which directly conflicts with Rule 1 that is intended to deny SSH at those same hours. Since firewall rules are evaluated top-down and Rule 3 allows traffic during the exact period where SSH should be blocked, deleting Rule 3 will allow Rule 1 to apply correctly.

This behavior is explained in SCAZT Section 3 (Network and Cloud Security, Pages 72–75), where rule precedence and time-based evaluation logic are discussed.

After Cloudlock is integrated with Salesforce, full visibility into objects and data requires that Cloudlock has the “View All Data” permission enabled on the connected Salesforce account. This permission allows the Cloudlock API connection to access all user data, regardless of individual field-level or sharing rules. Without it, Cloudlock will be limited in its visibility scope.

As per SCAZT (Section 4: Application and Data Security, Pages 86–89), integration with SaaS platforms like Salesforce must include enabling comprehensive data visibility to perform effective risk analysis and policy enforcement.