350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Application visibility and control (AVC) is a solution that leverages multiple technologies to recognize, analyze, and control over 1000 applications, including voice and video, email, file sharing, gaming, peer-to-peer (P2P), and cloud-based applications1. One of the key components of AVC is application recognition, which uses stateful deep packet inspection (DPI) to identify applications within the network traffic flow, using L3 to L7 data2. DPI is a technique that examines the content of packets beyond the header information, and can classify applications based on their signatures, protocols, ports, or other attributes3. DPI enables AVC to monitor and control application performance, bandwidth usage, quality of service, and security policies4. References := 1: Cisco Application Visibility and Control (AVC) - Cisco 2: Cisco Application Visibility and Control User Guide - Technology Overview 3: What is application visibility and control? | Juniper Networks US 4: Application visibility and control - Secure Internet Access Enterprise

 Cisco NBAR2 is a classification engine that recognizes and classifies a wide variety of protocols and applications based on their deep packet inspection (DPI) signatures. NBAR2 enables the platform to identify and output various applications within the network traffic flows, such as web, email, voice, video, and so on. NBAR2 also supports custom protocols and applications, allowing the platform to classify traffic based on user-defined criteria. NBAR2 helps the platform to apply the appropriate quality of service (QoS), security, and policy for each application or protocol. References :=

Some possible references are:

Cisco NBAR2

Classifying Network Traffic Using NBAR

Next Generation NBAR (NBAR2)

 Cisco Firepower is a unified security solution that combines firewall, intrusion prevention system (IPS), advanced malware protection (AMP), and threat intelligence features. Cisco ASA is a traditional firewall that focuses on network traffic control based on packet filtering and stateful inspection. One of the key differences between Cisco Firepower and Cisco ASA is that Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not. Intrusion prevention is the process of detecting and blocking malicious network traffic before it reaches the intended target. Cisco Firepower uses a combination of signature-based and behavior-based detection methods to identify and stop known and unknown attacks. Cisco ASA, on the other hand, does not have built-in intrusion prevention capabilities. It can only perform basic packet inspection and filtering based on predefined rules. To enable intrusion prevention on Cisco ASA, an additional module called FirePOWER Services is required. This module integrates Cisco Firepower features into Cisco ASA, but it is not the same as Cisco Firepower itself. Cisco Firepower offers more advanced and integrated security features than Cisco ASA with FirePOWER Services123. References: 1: Cisco ASA vs Cisco Firepower | What are the differences? - StackShare 2: Cisco FTD vs ASA: Difference and Comparison 3: CISCO FIREPOWER VS. ASA - Critical Design

Explanation

Explanation

Cisco’s DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.

Threat intelligence is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems. Threat intelligence is the result of collecting, analyzing, and contextualizing data from various sources, such as network traffic, logs, feeds, reports, etc. Threat intelligence provides insights into the tactics, techniques, and procedures (TTPs) of adversaries, as well as their motivations, intentions, and capabilities. Threat intelligence can help organizations to detect, prevent, and respond to cyberattacks, as well as to improve their security posture and resilience12. The other options are not correct, because they are not terms for having information about threats and threat actors. Trusted automated exchange is a concept that refers to the sharing of threat intelligence among trusted entities in a timely and secure manner3. Indicators of Compromise (IoCs) are pieces of forensic data, such as IP addresses, domains, hashes, etc., that indicate a potential intrusion or compromise of a system or network. The Exploit Database is a public repository of exploits and vulnerable software, maintained by Offensive Security. References:

1: What is Cyber Threat Intelligence? - Cisco

2: Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

3: Trusted Automated Exchange of Intelligence Information (TAXIIâ„¢) Version 2.0

[4]: What Are Indicators of Compromise (IOCs)? - Cisco

[5]: The Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

The cause of this issue is that NTP authentication is not enabled on the router. The commands shown in the exhibit only define the authentication key and mark it as trusted, but they do not enable NTP authentication globally or on a per-peer basis. To enable NTP authentication globally, the command ntp authenticate must be used. To enable NTP authentication on a per-peer basis, the command ntp server ip-address key key-id or ntp peer ip-address key key-id must be used, where key-id is the same as the one defined by the ntp authentication-key command. Without enabling NTP authentication, any device can synchronize time with this router, regardless of whether it has the same authentication key or not.

The other options are incorrect because:

The key was configured in plain text, but this is not the cause of the issue. Although it is recommended to use the ntp authentication-key key-id md5 key [encrypted] command to encrypt the key, using plain text does not prevent NTP authentication from working, as long as the same key is configured on both the router and the peer.

The hashing algorithm that was used was MD5, which is supported by NTP. MD5 is the default algorithm for NTP authentication and it can be used with any key length from 1 to 16 characters. Other algorithms, such as SHA and SHA1, are also supported by NTP if the OpenSSL library is installed, but they are not required for NTP authentication to work.

The router was not rebooted after the NTP configuration updated, but this is not necessary for NTP authentication to take effect. NTP authentication is applied immediately after the configuration commands are entered, and no reboot is required.