350-701 Exam Dumps - Cisco CCNP Security Questions and Answers

 Retrospective security is a feature of Cisco AMP that enables continuous analysis and alerting of files and network activity, even after the initial point of inspection. It allows an engineer to look back in time and trace the processes, file activities, and communications of an endpoint that was infected by malware. This helps to understand the full extent of an infection, establish root causes, and perform remediation. Retrospective security is different from endpoint isolation, advanced search, and advanced investigation, which are other features of Cisco AMP that provide different capabilities. Endpoint isolation allows an engineer to isolate an endpoint from the network to prevent further spread of malware. Advanced search allows an engineer to query the AMP cloud database for information about files, endpoints, events, and trajectories. Advanced investigation allows an engineer to perform deep analysis of files and endpoints using Cisco Secure Malware Analytics (formerly Threat Grid). References :=

Some possible references are:

Malware Defense with Cisco Secure Firewall Data Sheet

Best Practice Guide for Advanced Malware Protection (AMP) on Cisco Email Security

Malware Protection - Cisco AMP Advanced Malware Protection

Explanation

The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow.

The significant events that are tracked include flow-create, flow-teardown, and flow-denied (excluding those flows that are denied by EtherType ACLs).

Cisco AMP for Endpoints is a next generation endpoint security solution that provides prevention, detection, and response capabilities. One of its functions is to automate threat responses of an infected host by isolating it from the network, blocking malicious files, and removing them from all endpoints. This reduces the time and effort required to contain and remediate a threat, and prevents further damage or data loss. According to the source book, Cisco AMP for Endpoints can perform the following automated responses1:

Endpoint Isolation: This feature allows you to isolate an endpoint from the network if it is compromised or infected. This prevents the endpoint from communicating with other devices or servers, and stops the spread of malware or exfiltration of data. You can isolate an endpoint manually from the console, or automatically based on a policy or a detection. You can also restore the network connectivity of an isolated endpoint when it is safe to do so.

File Blocking: This feature allows you to block a file from executing on any endpoint if it is deemed malicious or suspicious. You can block a file manually from the console, or automatically based on a policy or a detection. You can also unblock a file if it is a false positive or no longer a threat.

File Removal: This feature allows you to remove a file from any endpoint if it is malicious or unwanted. You can remove a file manually from the console, or automatically based on a policy or a detection. You can also restore a file from quarantine if it is a false positive or needed for analysis.

 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 6: Endpoint Protection and Detection, Lesson 6.2: Cisco AMP for Endpoints, Topic 6.2.3: Automated Responses.

The kind of API that is used with Cisco DNA Center to provision SSIDs, QoS policies, and update software versions on switches is the Intent API. The Intent API is a category of APIs that allows users to express their desired network outcomes or intents, such as creating a site, adding a device, or deploying a network profile. The Intent API then translates these intents into specific network configurations and commands, and applies them to the relevant network devices and services. The Intent API simplifies and automates the network provisioning and management process, and enables users to focus on the business objectives rather than the technical details. Some examples of Intent APIs are:

Site Management API: This API allows users to create, update, delete, and retrieve sites and buildings in Cisco DNA Center. A site is a logical grouping of network devices and services that share common characteristics, such as location, policies, or functions. A site can have one or more buildings, and a building can have one or more floors. Sites are used to organize and manage the network hierarchy and topology.

Network Settings API: This API allows users to configure and manage network-wide settings, such as global credentials, network discovery, IP address pools, DHCP and DNS servers, and SNMP settings. These settings are applied to all network devices and services that are managed by Cisco DNA Center.

Network Profile API: This API allows users to create, update, delete, and retrieve network profiles in Cisco DNA Center. A network profile is a collection of network settings and policies that define how a network segment or service should operate, such as SSIDs, QoS policies, security policies, and device roles. Network profiles are used to standardize and simplify the network configuration and deployment process, and to ensure consistency and compliance across the network.

Software Image Management API: This API allows users to manage the software images and versions of network devices that are managed by Cisco DNA Center. Users can import, export, delete, and retrieve software images, as well as assign them to network devices or device groups. Users can also schedule and monitor software image updates, and view the software image compliance status of network devices.

Explanation

Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.

Explanation

Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.

 Cisco AMP for Endpoints provides next-generation protection by leveraging an endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities. EPP is a set of multifaceted prevention techniques that stop threats from compromising endpoints, such as behavioral analytics, machine learning, and signature-based methods. EDR is a set of powerful features that reduce the attack surface and remediate faster, such as advanced threat hunting, endpoint isolation, and dynamic malware analysis. Cisco AMP for Endpoints also integrates with SecureX, a built-in platform that offers extended detection and response (XDR) capabilities across multiple control points, such as network, cloud, email, and web. By combining EPP, EDR, and XDR, Cisco AMP for Endpoints delivers a comprehensive and resilient endpoint security solution that can detect, respond, and recover from sophisticated attacks. References:

Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco

Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco

Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco

 TACACS+ is a protocol that provides authentication, authorization, and accounting (AAA) services for network devices. Unlike RADIUS, which only supports authorization at the user level, TACACS+ supports authorization at the command level. This means that TACACS+ can verify the permissions of the network administrator for every command that is entered, and allow or deny access accordingly. This provides more granular and secure control over network resources and operations. EAPOL, SSH, and RADIUS are not protocols that can provide command-level authorization for AAA. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1.2: Network Security Devices and Cloud Services, Topic 1.2.3: AAA

350-701 SCOR - Cisco, Exam Topics, 1.0 Security Concepts, 1.2 Compare network security solutions, 1.2.a AAA

What Is AAA Security? | Fortinet, Authentication, Authorization, and Accounting (AAA)