Cisco 350-701 Practice Test - Questions Answers, Page 20

Cisco Firepower NGFW Virtual (NGFWv) is the virtualized version of Cisco's Firepower next generation firewall.

The Cisco NGFW virtual appliance is available in the AWS and Azure marketplaces. In AWS, it can be deployed in routed and passive modes. Passive mode design requires ERSPAN, the Encapsulated Remote Switched Port Analyzer, which is currently not available in Azure.

In passive mode, NGFWv inspects packets like an Intrusion Detection System (IDS) appliance, but no action can be taken on the packet.

In routed mode NGFWv acts as a next hop for workloads. It can inspect packets and also take action on the packet based on rule and policy definitions.

Reference: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtualappliance-asav/ white-paper-c11-740505.html

Depending on your company policy, you might be able to use your mobile phones, tablets, printers, Internet radios, and other network devices on your company's network. You can use the My Devices portal to register and manage these devices on your company's network.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/mydevices/b_mydevices_2x.html

To understand DHCP snooping we need to learn about DHCP spoofing attack first.

DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients.

The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle".

The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.

The port connected to a DHCP server should be configured as trusted port with the "ip dhcp snooping trust" command. Other ports connecting to hosts are untrusted ports by default.

In this question, we need to configure the uplink to "trust" (under interface Gi1/0/1) as shown below.

A certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate.

Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) that the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key

Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely.

It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.

Cisco Security Manager provides a comprehensive management solution for:

– Cisco ASA 5500 Series Adaptive Security Appliances

– Cisco intrusion prevention systems 4200 and 4500 Series Sensors

– Cisco AnyConnect Secure Mobility Client

Reference: https://www.cisco.com/c/en/us/products/security/security-manager/index.html

Cisco Advanced Phishing Protection provides sender authentication and BEC detection capabilities. It uses advanced machine learning techniques, real-time behavior analytics, relationship modeling, and telemetry to protect against identity deception-based threats.

Reference: https://docs.ces.cisco.com/docs/advanced-phishing-protection

Cisco FTD devices, Cisco Firepower devices, and the Cisco ASA FirePOWER modules can be managed by the Firepower Management Center (FMC), formerly known as the FireSIGHT Management Center -> Answer D is not correct

Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide Note: The ASA FirePOWER module runs on the separately upgraded ASA operating system "You cannot use an FMC to manage ASA firewall functions."

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepowercompatibility.htmlThe Cisco Secure Firewall Threat Defense Manager (Firepower Management Center) increases theeffectiveness of your Cisco network security solutions by providing centralized, integrated, andstreamlined management.

Reference: https://www.cisco.com/c/en/us/products/collateral/security/firesight-managementcenter/datasheetc78-736775.html