350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Explanation

Explanation

The Cisco Application Visibility and Control (AVC) solution leverages multiple technologies to recognize,

analyze, and control over 1000 applications, including voice and video, email, file sharing, gaming, peer-to-peer

(P2P), and cloud-based applications. AVC combines several Cisco IOS/IOS XE components, as well as

communicating with external tools, to integrate the following functions into a powerful solution…

Patching helps to mitigate vulnerabilities by applying fixes or updates to software or firmware that have known security flaws. Vulnerabilities can be exploited by cybercriminals to compromise the confidentiality, integrity, or availability of the IT systems and data. Patching endpoints consistently reduces the risk of cyberattacks and data breaches by closing the gaps that attackers can use to gain unauthorized access or cause damage. Patching also improves the performance and functionality of the IT systems by addressing bugs or errors12.

Option B is the correct answer, as it explains the main benefit of patching endpoints consistently. Option A is incorrect, as patching does not necessarily reduce the attack surface of the infrastructure, which is the total number of possible entry points for an attacker. Patching only addresses the existing vulnerabilities in the software or firmware, but does not eliminate the attack surface itself. Option C is incorrect, as patching is not always required per the vendor contract, although some vendors may provide support or incentives for patching. Option D is incorrect, as patching does not allow for creating a honeypot, which is a decoy system that is intentionally left vulnerable to lure and trap attackers. References: Patch Management Overview, Challenges, and Recommendations. Patch Management Explained: Challenges, Best Practices & Steps.

 A CI/CD pipeline is a process of automating the development, testing, and deployment of software applications. A CI/CD pipeline typically involves multiple tools and stages, such as source code management, build automation, testing, security scanning, and deployment. To secure a CI/CD pipeline, one of the best practices is to avoid hardcoding secrets in config files and CI/CD build tools, and instead use a secure access solution that can authenticate and authorize the access to the pipeline resources.

Duo Network Gateway is a cloud-based solution that provides secure access to internal web applications without requiring a VPN or modifying firewall rules. Duo Network Gateway integrates with Duo’s two-factor authentication (2FA) service to verify the identity of users and devices before granting access to the web applications. Duo Network Gateway also supports single sign-on (SSO) and identity federation with various identity providers, such as Active Directory, Azure AD, Google, and Okta.

By using Duo Network Gateway, you can leverage a CI/CD pipeline without exposing your internal web applications to the internet or compromising security. Duo Network Gateway can protect access to your source code repositories, build servers, testing tools, and deployment platforms. You can also enforce granular access policies based on user roles, device health, location, and time. Duo Network Gateway can help you achieve compliance with industry standards and regulations, such as PCI DSS, HIPAA, and GDPR.

The other options are not as suitable for securing access to a CI/CD pipeline as Duo Network Gateway. A remote access client is a software that allows users to connect to a remote network or server, such as a VPN client. However, a VPN client may not provide sufficient security for a CI/CD pipeline, as it may expose the entire network to potential attacks, or require complex firewall configurations and network segmentation. A VPN client may also introduce performance and reliability issues, as it depends on the quality and availability of the network connection.

SSL WebVPN is a feature of Cisco Adaptive Security Appliance (ASA) that allows users to access web-based resources securely over SSL/TLS. SSL WebVPN can provide secure access to web applications, email, file shares, and other network services. However, SSL WebVPN may not be able to support all the tools and stages of a CI/CD pipeline, as some of them may require non-web protocols, such as SSH, RDP, or VNC. SSL WebVPN may also require additional licenses and hardware resources to support a large number of concurrent users and connections.

Cisco FTD network gateway is a unified platform that combines the features of Cisco ASA and Cisco Firepower. Cisco FTD network gateway can provide firewall, intrusion prevention, malware protection, and VPN services. Cisco FTD network gateway can also integrate with Cisco Identity Services Engine (ISE) to provide identity-based access control and visibility. However, Cisco FTD network gateway may not be the best solution for securing access to a CI/CD pipeline, as it may require complex network design and deployment, and may not support all the CI/CD tools and protocols. Cisco FTD network gateway may also incur additional costs and maintenance efforts.

References := : Secure CI/CD Pipelines: Best Practices for Managing CI/CD Secrets : Duo Network Gateway | Duo Security : VPN vs. Duo Network Gateway | Duo Security : SSL VPN Deployment Guide for Cisco ASA - Cisco : Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7 - VPN Overview [Cisco Firepower NGFW]

Explanation

Explanation

How To Troubleshoot ISE Failed Authentications & Authorizations

Check the ISE Live Logs

Login to the primary ISE Policy Administration Node (PAN).

Go to Operations > RADIUS > Live Logs

(Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports >

Endpoints and Users > RADIUS Authentications

Check for Any Failed Authentication Attempts in the Log

Defanging is the process of modifying a URL in a message to prevent it from being clickable. This can help protect users from malicious links that have a low URL reputation score. Defanging is one of the actions that can be configured in the Incoming Content Filter on the Cisco ESA. The other actions are Quarantine, FilterAction, and ScreenAction. Quarantine sends the message to a quarantine area for further inspection. FilterAction applies a predefined action such as drop, bounce, or deliver. ScreenAction displays a warning message to the user before allowing them to access the URL. Defanging is the only action that disables the links in the message without affecting the delivery or visibility of the message12. References: 1: URL Filtering on the Cisco IronPort ESA – Mikail’s Blog 2: Configure URL Filtering for Secure Email Gateway and Cloud Gateway - Cisco