350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Microsegmentation is a technique that divides a network into smaller segments or zones, each with its own security policies and controls. This helps to isolate and protect workloads and applications from each other, and limit the lateral movement of threats within the network. Microsegmentation can be applied to different platforms and environments, such as virtual machines, containers, cloud services, and endpoints. Microsegmentation can also improve the visibility and enforcement of network traffic, as well as the performance and scalability of security solutions.

In the context of applications or containers on the same node, microsegmentation can limit the communication between them by enforcing granular policies based on attributes such as identity, context, and behavior. For example, microsegmentation can restrict which ports, protocols, or services are allowed for each application or container, and block any unauthorized or malicious traffic. Microsegmentation can also prevent the exposure of sensitive data or resources to other applications or containers on the same node, or to external attackers who may compromise one of them.

Container orchestration, microservicing, and Software-Defined Access are not directly related to limiting the communication between applications or containers on the same node. Container orchestration is a process of managing the lifecycle, deployment, and scaling of containers across a cluster of nodes. Microservicing is an architectural style of developing applications as a collection of loosely coupled, independent, and modular services. Software-Defined Access is a network architecture that abstracts the network infrastructure from the network policies, and enables consistent and secure access to any application or service across any domain. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 5: Securing the Cloud, Lesson 5.1: Describing Cloud Computing and Deployment Models, Topic 5.1.4: Microsegmentation

What Is Micro-Segmentation? - Cisco

Communicating With Docker Containers on the Same Machine - Baeldung on Ops

Proxy caching is a method that enables a proxy server to save recent and frequent website/webpage requests and data requested by one or more client machines. It reduces latency, eases bandwidth consumption, and ensures content is served more swiftly to the end-user12. WSA (Web Security Appliance) is a Cisco product that provides proxy caching functionality, along with other web security features such as malware protection, URL filtering, and data loss prevention3. Firepower, FireSIGHT, and ASA are other Cisco products that do not provide proxy caching, but rather focus on different aspects of network security, such as threat detection, management, and firewall . References:

What is Proxy Caching? | StackPath

What Is Proxy Caching? | Definition & Overview | NinjaOne

Cisco Web Security Appliance Data Sheet

[Cisco Firepower NGFW Data Sheet]

[Cisco FireSIGHT Management Center Data Sheet]

[Cisco ASA 5500-X Series Firewalls Data Sheet]

 Multi-factor authentication (MFA) is a method of verifying a user’s identity by requiring two or more factors, such as something the user knows (e.g. password), something the user has (e.g. token), or something the user is (e.g. biometric). MFA can prevent or mitigate some common types of cyberattacks that rely on stealing or guessing a user’s credentials, such as phishing and brute force attacks12

Phishing is an attack where an attacker sends a fraudulent email or message that appears to come from a legitimate source, such as a bank or a government agency, and tries to trick the user into clicking on a malicious link or attachment, or providing their credentials or personal information34 MFA can prevent phishing attacks by requiring an additional factor of authentication that the attacker cannot obtain from the phishing email or message, such as a one-time password (OTP) sent to the user’s phone or email, or a biometric verification such as a fingerprint or face scan56

Brute force is an attack where an attacker tries to guess a user’s password by systematically trying different combinations of characters, words, or phrases until they find the correct one. MFA can prevent brute force attacks by requiring an additional factor of authentication that the attacker cannot guess, such as a physical token or a push notification that the user has to approve.

 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 course overview 2: What Type of Attacks Does MFA Prevent? | OneLogin 3: 5 Multi-Factor Authentication Vulnerabilities and How to Resolve Them 4: FBI warns about attacks that bypass multi-factor authentication (MFA) 5: Defend your users from MFA fatigue attacks - Microsoft Community Hub 6: What type of attacks does Multi-Factor Authentication prevent? : How to Prevent Brute Force Attacks | Cloudflare : Brute Force Attack - an overview | ScienceDirect Topics : Multi-factor authentication - Wikipedia : Multi-factor authentication fatigue attacks are on the rise: How to defend against them | CSO Online

Explanation

Cisco ISE can determine the type of device or endpoint connecting to the network by performing “profiling.”

Profiling is done by using DHCP, SNMP, Span, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as

much metadata as possible to learn the device fingerprint.

NMAP (“Network Mapper”) is a popular network scanner which provides a lot of features. One of them is the

OUI (Organizationally Unique Identifier) information. OUI is the first 24 bit or 6 hexadecimal value of the MAC

address.

Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:

+ EndPointPolicy

+ LastNmapScanCount

+ NmapScanCount

+ OUI

+ Operating-system

Explanation

Cisco Threat Intelligence Director (CTID) can be integrated with existing Threat Intelligence Platforms deployed by your organization to ingest threat intelligence automatically.

Explanation

Cisco Firepower deployments can take advantage of platform settings policies. A platform settings policy is a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in your deployment, such as time settings and external authentication. Examples of these platform settings policies are time and date settings, external authentication, and other common

administrative features.

A shared policy makes it possible to configure multiple managed devices at once, which provides consistency in your deployment and streamlines your management efforts. Any changes to a platform settings policy affects all the managed devices where you applied the policy. Even if you want different settings per device, you must create a shared policy and apply it to the desired device.

For example, your organization’s security policies may require that your appliances have a “No Unauthorized Use” message when a user logs in. With platform settings, you can set the login banner once in a platform settings policy.

In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.

DNSSEC (Domain Name System Security Extensions) is a technology that protects DNS from cache poisoning and spoofing attacks by digitally signing DNS data with cryptographic keys. DNSSEC ensures the integrity and authenticity of DNS responses, preventing attackers from redirecting traffic to malicious domains. Cisco Umbrella supports DNSSEC by performing validation on queries sent from Umbrella resolvers to upstream authorities. This means that Umbrella will only accept DNS responses that are signed and verified by the authoritative servers for each domain. To enable DNSSEC validation, the organization needs to configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers. This will ensure that Umbrella resolvers will reject any forged or tampered DNS responses and provide secure DNS resolution for the organization’s network. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 2: Network Security, Lesson 2.5: Implement DNS Security

What is DNSSEC and Why Is It Important? - Cisco Umbrella

DNSSEC General Availability – Cisco Umbrella