350-701 Exam Dumps - Cisco CCNP Security Questions and Answers

Explanation

With Cisco pxGrid (Platform Exchange Grid), your multiple security products can now share data and work together. This open, scalable, and IETF standards-driven platform helps you automate security to get answers and contain threats faster.

Flood attacks are a type of denial-of-service (DoS) attacks that aim to saturate the bandwidth or resources of a target by sending a large number of packets or requests. Flood attacks can be classified into different categories based on the protocol or layer they target, such as ICMP, UDP, TCP SYN, HTTP, DNS, etc. Flood attacks can also be distributed (DDoS) if they involve multiple sources of attack traffic, such as compromised devices or servers123. References := 1: Denial of Service - OWASP Cheat Sheet Series 2: What is a denial-of-service (DoS) attack? | Cloudflare 3: Types of DOS attacks - GeeksforGeeks

DNS tunneling is a technique that uses the DNS protocol to exfiltrate data or establish command and control channels between a compromised host and an attacker-controlled server. DNS tunneling can bypass network security controls that allow outbound DNS traffic without inspection or filtering. To stop DNS tunneling, two recommended approaches are:

Enforce security over port 53. This means applying firewall rules, access control lists, or other mechanisms to restrict outbound DNS traffic to only authorized DNS servers and domains. Additionally, DNS traffic should be inspected and analyzed for anomalies, such as unusually large or frequent queries, non-standard encoding, or suspicious domains. This can help detect and block DNS tunneling attempts.

Use Cisco Umbrella. Cisco Umbrella is a cloud-based security service that provides DNS security, web filtering, and threat intelligence. Cisco Umbrella can prevent DNS tunneling by blocking malicious domains, enforcing policies based on content categories, and applying machine learning to identify and stop emerging threats. Cisco Umbrella can also provide visibility and reporting on DNS activity and security events.

References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 5: Securing the Cloud, Lesson 5.2: DNS Security

What Is DNS Tunneling? - Palo Alto Networks

An Introduction to DNS Tunneling Detection & Data Exfiltration via DNS - Vercara

The exhibit shows an access rule for URL filtering that has the following conditions:

The action is Block

The URL category is Botnets

The URL reputation is 3

The URL list is empty

This means that the rule will block any URL that matches the category and reputation criteria, regardless of the individual URL. According to the Cisco documentation1, the URL reputation is a score from 1 to 5 that indicates the risk level of a URL, where 1 is the most risky and 5 is the least risky. Therefore, a reputation score of 3 means a moderate risk level. The rule will not block URLs for botnets with reputation scores of 1, 2, 4, or 5, nor will it block any other URL category or list. The rule will also not allow any URL, as the action is Block, not Allow.

References := 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing the Cloud, Lesson 4.3: Cloud Application Security, Topic 4.3.2: Cisco Umbrella, page 4-58.

 Cl/CD pipelining is a method of software development that aims to deliver software faster and more reliably by automating the process of integrating, testing, and deploying code changes. Cl stands for continuous integration, which means that every code change is merged into a shared repository and verified by automated tests. CD stands for continuous delivery, which means that the code is always in a deployable state and can be released to production environments with minimal human intervention. Cl/CD pipelining enables developers to collaborate more effectively, detect and fix errors earlier, and deliver value to customers more frequently. Cl/CD pipelining is a key practice of DevOps, a culture and set of processes that bridge the gap between development and operations teams. References: 

https://www.redhat.com/en/topics/devops/what-cicd-pipeline

https://about.gitlab.com/topics/ci-cd/cicd-pipeline/

Explanation

Only in On-site (on-premises) and IaaS we (tenant) manage O/S (Operating System).

Explanation

The Firepower System uses network discovery and identity policies to collect host, application, and user data

for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive

map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and

respond to the vulnerabilities and exploits to which your organization is susceptible.

You can configure your network discovery policy to perform host and application detection.

Explanation

"configure INTRUSION RULES for DNP3" -> Documentation states, that enabling INTRUSION RULES is mandatory for CIP to work + required preprocessors (in Network Access Policy - NAP) will be enabled automatically:

"If you want the CIP preprocessor rules listed in the following table to generate events, you MUST enable them. See Setting Intrusion Rule States for information on enabling rules."

"If the Modbus, DNP3, or CIP preprocessor is disabled, and you enable and deploy an intrusion rule that requires one of these preprocessors, the system automatically uses the required preprocessor, with its current settings, although the preprocessor remains disabled in the web interface for the corresponding network analysis policy."

[1] https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/scada_preprocessors.html

The Cisco WSA can participate in the Cisco SensorBase Network, which is a threat management database that collects and shares data from Cisco security products. By participating in the SensorBase Network, the WSA can receive web reputation scores and URL categories for the requested web content, and also contribute data to improve the accuracy and efficacy of the service. The data that the WSA sends to the SensorBase Network servers includes information about request attributes and how the appliance handles requests. However, to protect the privacy and confidentiality of the users and the organization, the WSA does not send the complete URL, but only the summarized server-name information and the MD5-hashed path information. The MD5 hash is a one-way encryption algorithm that converts the path information into a fixed-length string that cannot be reversed. This way, the SensorBase Network can identify the URL without revealing the actual content or parameters of the request. The WSA also does not send any personal or confidential information such as usernames and passwords, or any information about HTTPS transactions, except for the IP address, web reputation score, and URL category of the server name in the certificate. The SensorBase Network Participation is enabled by default, but it can be disabled by the administrator if desired123. References: 3: Web Base Network Participation (WBNP) and Sender Base Network Participation (SBNP) - Cisco 2: User Guide for AsyncOS 15.0 for Cisco Secure Web Appliance - GD (General Deployment) - Introduction 1: User Guide for AsyncOS 12.0 for Cisco Web Security Appliances - GD (General Deployment) - Introduction

 Platform as a Service (PaaS) is a cloud service model that delivers and manages all the hardware and software resources to develop applications through the cloud. The service provider is responsible for the infrastructure, middleware, runtime, and operating system, while the customer only has to focus on the application and data. PaaS enables the customer to avoid the hassle of patching, updating, or maintaining the operating system, as well as the underlying hardware and network12. Infrastructure as a Service (IaaS) is a cloud service model that delivers on-demand infrastructure resources, such as compute, storage, networking, and virtualization, to the customer via the cloud. The service provider hosts and manages the infrastructure, but the customer is responsible for the operating system, middleware, virtual machines, and any apps or data. IaaS requires the customer to handle the patch management of the operating system, as well as the security and configuration of the virtual machines34. References := 1: Use platform as a service (PaaS) options - Azure Architecture Center 2: What is Platform-as-a-Service (PaaS)? - Cloudflare 3: PaaS vs IaaS vs SaaS: What’s the difference? | Google Cloud 4: SaaS vs PaaS vs IaaS: What’s The Difference & How To Choose – BMC Software | Blogs