Cisco 350-701 Practice Test - Questions Answers, Page 24

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.

Reference: https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy

The Southbound API is used to communicate between Controllers and network devices.

You can configure discovery rules to tailor the discovery of host and application data to your needs.

The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map.

A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt -> Answer D is not correct.

The command crypto isakmp key cisco address 1.2.3.4 authenticates the IP address of the 1.2.3.4 peer by using the key cisco. The address of "0.0.0.0" will authenticate any address with this key

The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:

+ Shell code execution: Looks for the patterns used by shell code.

+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.

+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts.

Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.

+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).

+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.

+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.

+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.

+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration

Analytics platform.

Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetrationanalytics/whitepaper-c11-740380.html

You can also bring up the port by using these commands:

+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.

+ The "errdisable recovery cause …" global configuration command enables the timer to automatically recover error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover error-disabled state.

Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.

Answer C is not correct because the statement "Cross-site Scripting is when executives in a corporation are attacked" is not true. XSS is a client-side vulnerability that targets other application users.

Answer D is not correct because the statement "Cross-site Scripting is an attack where code is executed from the server side". In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client's side.

Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.

Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

How To Troubleshoot ISE Failed Authentications & Authorizations

Check the ISE Live Logs

Login to the primary ISE Policy Administration Node (PAN).

Go to Operations > RADIUS > Live Logs

(Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications Check for Any Failed Authentication Attempts in the Log

Reference: https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-faile-dauthenticationsamp/ta-p/3630960

The following are the prerequisites to integrate Active Directory with Cisco ISE.

+ Use the Network Time Protocol (NTP) server settings to synchronize the time between the Cisco ISE server and Active Directory. You can configure NTP settings from Cisco ISE CLI.

+ If your Active Directory structure has multidomain forest or is divided into multiple forests, ensure that trust relationships exist between the domain to which Cisco ISE is connected and the other domains that have user and machine information to which you need access. For more information on establishing trust relationships, refer to Microsoft Active Directory documentation.

+ You must have at least one global catalog server operational and accessible by Cisco ISE, in the domain to which you are joining Cisco ISE.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-

0/ise_active_directory_integration/ b_ISE_AD_integration_2x.html#reference_8DC463597A644A5C9CF5D582B77BB24F