350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Full Context Awareness - policy enforcement

NGIPS - threat prevention

AMP - real-time

Collective Sec Intel - Detection, blocking an remediation

 Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cloudlock’s simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem. Cloudlock integrates with cloud applications like Dropbox and Office 365 by providing visibility, compliance, threat protection, and data security. Cloudlock can detect and prevent data exfiltration by applying data loss prevention (DLP) policies, encrypting sensitive data, and alerting or blocking unauthorized activities. Cloudlock also supports cloud app discovery and risk assessment, user and entity behavior analytics (UEBA), and cloud app firewall12. References: 1: Cisco Cloudlock - Cisco 2: Cisco Cloudlock Privacy Data Sheet

Proxy caching is a method that enables a proxy server to save recent and frequent website/webpage requests and data requested by one or more client machines. It reduces latency, eases bandwidth consumption, and ensures content is served more swiftly to the end-user12. WSA (Web Security Appliance) is a Cisco product that provides proxy caching functionality, along with other web security features such as malware protection, URL filtering, and data loss prevention3. Firepower, FireSIGHT, and ASA are other Cisco products that do not provide proxy caching, but rather focus on different aspects of network security, such as threat detection, management, and firewall . References:

What is Proxy Caching? | StackPath

What Is Proxy Caching? | Definition & Overview | NinjaOne

Cisco Web Security Appliance Data Sheet

[Cisco Firepower NGFW Data Sheet]

[Cisco FireSIGHT Management Center Data Sheet]

[Cisco ASA 5500-X Series Firewalls Data Sheet]

ETHOS is one of the many detection engines that AMP uses to continuously protect you from malware. It is only available in the public cloud, as it requires a large amount of data and processing power to operate. ETHOS uses machine learning to analyze the behavior and characteristics of files and determine their maliciousness. It can detect both known and unknown threats, as well as polymorphic and metamorphic malware that can change their appearance or code. ETHOS is part of the AMP cloud’s dynamic analysis capabilities, which also include SPERO and Threat Grid12.

The private cloud instance of AMP does not have ETHOS, as it is meant to be an on-premises, self-contained solution that satisfies stringent privacy requirements. The private cloud instance also does not have SPERO or Threat Grid, unless they are deployed separately as additional appliances. The private cloud instance relies on the TETRA detection engine, which is a signature-based engine that can identify known malware. TETRA is updated regularly with new signatures from the AMP cloud, but it cannot detect unknown or zero-day threats as effectively as ETHOS34.

Therefore, the capability that is exclusive to the AMP public cloud instance as compared to the private cloud instance is the ETHOS detection engine. References: 1: Cisco Advanced Malware Protection Private Cloud Appliance Data Sheet 2: What is AMP Private Cloud 3: Deploy Cisco AMP Private Cloud on Cisco HyperFlex Systems 4: AMP Private Cloud vs Public Cloud Dashboard different

The Cloudlock Apps Firewall is a feature of Cisco Cloudlock, which is a cloud-native cloud access security broker (CASB) that helps organizations move to the cloud safely. The Cloudlock Apps Firewall mitigates security concerns from an application perspective by discovering and controlling cloud apps that are connected to a company’s corporate environment, such as Google G Suite or Microsoft Azure Active Directory (AD). These cloud apps are authorized through OAuth to access corporate data and resources via APIs, and may pose risks such as data exfiltration, account compromise, or malicious behavior. The Cloudlock Apps Firewall provides visibility into the app ecosystem, including the app name, category, risk level, access scopes, and number of users. It also allows administrators to ban or allowlist apps based on their risk profile and compliance requirements. Additionally, the Cloudlock Apps Firewall leverages a crowd-sourced Community Trust Rating for each app, which reflects the feedback from other Cloudlock customers on the app’s security and functionality. References :=

Cisco Content Security Products

Cisco Cloudlock - Cisco

Shadow IT Control with Apps Firewall - Cisco

Test scor q151 - q200

Explanation

Explanation

DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move

security activities to the start of the development life cycle and have built-in security practices in the continuous

integration/continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing security closer

to IT and business objectives.

Three key things make a real DevSecOps environment:

+ Security testing is done by the development team.

+ Issues found during that testing is managed by the development team.

+ Fixing those issues stays within the development team.

Explanation

All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section.

The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first.

Trusted Automated Exchange of Indicator Information (TAXII) is a standard that defines how to exchange cyber threat intelligence (CTI) over HTTPS. CTI includes indicators of compromise (IOCs), such as malware hashes, IP addresses, URLs, and domains, that can be used to detect and respond to cyberattacks. TAXII enables the sharing of CTI in a secure, automated, and interoperable way among different organizations and tools. Structured Threat Information Expression (STIX) is a standard that defines how to represent and structure CTI in a common language. STIX and TAXII are often used together to facilitate the exchange of CTI. Advanced Persistent Threat (APT) is not a standard, but a term used to describe a sophisticated and stealthy cyberattack that persists over a long period of time, often targeting specific organizations or sectors. Open Command and Control (OpenC2) is a standard that defines how to communicate and execute cyber defense actions across different technologies and domains. OpenC2 enables the orchestration and automation of cyber defense actions, such as blocking, isolating, or redirecting malicious traffic or devices. References :=

Some possible references are:

[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 4: Content Security, Lesson 4.3: Cisco Umbrella, Topic 4.3.1: Cisco Umbrella Investigate

350-701 SCOR - Cisco, Exam Topics, 4.0 Content Security, 4.3 Describe the components, capabilities, and benefits of Cisco Umbrella, 4.3.a Investigate

TAXII - OASIS Cyber Threat Intelligence Technical Committee, Overview, Introduction

STIX - OASIS Cyber Threat Intelligence Technical Committee, Overview, Introduction

OpenC2 - OASIS Open Command and Control Technical Committee, Overview, Introduction

What is an Advanced Persistent Threat (APT)? | Fortinet, Definition, What is an APT?