Cisco 350-701 Practice Test - Questions Answers, Page 23

Maybe the "newly installed service" in this Qmentions about Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows superior protection across the attack continuum.

+ File Reputation – captures a fingerprint of each file as it traverses the ESA and sends it to AMP's cloudbased intelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply administrator-defined policy.

+ File Analysis – provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the file's behavior and to combine that data with detailed human and machine analysis to determine the file's threat level.

This disposition is then fed into AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection

NetFlow is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by NetFlow-enabled routers and switches. The flows do not contain actual packet data, but rather the metadata for communications. It is a standard form of session data that details who, what, when, and where of network traffic -> Answer A is not correct.

Reference: https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/enterprisenetwork-security/white-paper-c11-736595.html

The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:

Prevents the following:

+ Attacks that use compromised accounts and social engineering.

+ Phishing, ransomware, zero-day attacks and spoofing.

+ BEC with no malicious payload or URL.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5/user_guide/b_ESA_Admin_Guide_13-5/m_advanced_phishing_protection.html

We should scan emails using AntiVirus signatures to make sure there are no viruses attached in emails.

Note: A virus signature is the fingerprint of a virus. It is a set of unique data, or bits of code, that allow it to be identified. Antivirus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine, and remove the virus.

SenderBase is an email reputation service designed to help email administrators research senders, identify legitimate sources of email, and block spammers. When the Cisco ESA receives messages from known or highly reputable senders, it delivers them directly to the end user without any content scanning. However, when the Cisco ESA receives email messages from unknown or less reputable senders, it performs antispam and antivirus scanning.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0100100.html-> Therefore Outbreak filters can be used to block emails from bad mail servers.

Web servers and email gateways are generally located in the DMZ so

Note: The recipient access table (RAT), not to be confused with remote-access Trojan (also RAT), is a Cisco ESA term that defines which recipients are accepted by a public listener.

Cisco's DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.

Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dnacenter/nb-06- dna-center-faq-cte-en.html

In this IaaS model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.

Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.

As the new device does not have a supplicant, we cannot use 802.1X.

MAC Authentication Bypass (MAB) is a fallback option for devices that don't support 802.1x. It is virtually always used in deployments in some way shape or form. MAB works by having the authenticator take the connecting device's MAC address and send it to the authentication server as its username and password. The authentication server will check its policies and send back an Access-Accept or Access- Reject just like it would with 802.1x.

Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of profiles. These profiles include a wide range of device types, including mobile clients (iPads, Android tablets, Chromebooks, and so on), desktop operating systems (for example, Windows, Mac OS X, Linux, and others), and numerous non-user systems such as printers, phones, cameras, and game consoles.

Once classified, endpoints can be authorized to the network and granted access based on their profile. For example, endpoints that match the IP phone profile can be placed into a voice VLAN using MAC Authentication Bypass (MAB) as the authentication method. Another example is to provide differentiated network access to users based on the device used. For example, employees can get full access when accessing the network from their corporate workstation but be granted limited network access when accessing the network from their personal iPhone.

Reference: https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/tap/3739456

To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:

NTP_Server(config)#ntp authentication-key 2 md5 securitytut

NTP_Server(config)#ntp authenticate

NTP_Server(config)#ntp trusted-key 2

Then you must configure the same authentication-key on the client router:

NTP_Client(config)#ntp authentication-key 2 md5 securitytut

NTP_Client(config)#ntp authenticate

NTP_Client(config)#ntp trusted-key 2

NTP_Client(config)#ntp server 10.10.10.1 key 2

Note: To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example:

Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for the time.