350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

To block a website based on a custom list, the customer should add the websites to a blocked type destination list. A destination list is a custom list of domains or URLs that the customer wants to allow or block for their identities. The customer can create destination lists through the Policy Components > Destination Lists page, or within the policy wizard when creating or editing a policy. The custom URL destination block lists feature enables Umbrella to extend a domain level block list to encompass full and partial URLs. In turn, this allows the customer to block certain portions of a website based specifically on the full or partial URL. This feature requires the customer to enable the intelligent proxy and install a root certificate for SSL decryption. References:

Configure Web Policies and Destination Lists - Cisco Umbrella

Control Access to Custom URLs - Umbrella SIG User Guide

Cisco 350-701: How should customer block websites based on custom list

Umbrella Dashboard: New Features—Custom blocked URLs

Understanding Destination lists supported entries and … - Cisco Umbrella

The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305.

Cisco strongly recommends that you keep the default settings for the remote management port, but if the

management port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other.

Explanation

Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash,

destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered,

and 84 including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented

Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before

transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

 GET VPN (Group Encrypted Transport VPN) is a tunnel-less VPN technology that uses a single security association (SA) for all routers in a group. This allows GET VPN to natively support MPLS and private IP networks, without requiring any additional encapsulation or tunneling protocols. GET VPN also supports multicast traffic without GRE, which reduces overhead and improves performance. FlexVPN is a newer VPN solution that covers all VPN types, such as site-to-site, hub and spoke, and remote access. FlexVPN uses IKEv2 for all VPN types, which offers some advantages over IKEv1, such as resiliency and fewer messages. However, FlexVPN requires newer hardware and software versions to support its features. FlexVPN also relies on GRE or static and dynamic point-to-point interfaces to support MPLS and private IP networks, which adds complexity and overhead. Therefore, a benefit of using GET VPN over FlexVPN within a VPN deployment is that GET VPN natively supports MPLS and private IP networks, without requiring any additional encapsulation or tunneling protocols. References:

Group Encrypted Transport VPN (GETVPN)

Introduction to FlexVPN

what is the difference between dmvpn and flexvpn

 The open standard that creates a framework for sharing threat intelligence in a machine-digestible format is STIX (Structured Threat Information Expression). STIX is a language and serialization format that enables the exchange of cyber threat information across organizations, tools, and platforms. STIX defines a common vocabulary and data model for representing various types of threat intelligence, such as indicators, observables, incidents, campaigns, threat actors, courses of action, and more. STIX also supports the expression of context, relationships, confidence, and handling of the threat information. STIX aims to improve the speed, accuracy, and efficiency of threat detection, analysis, and response.

STIX is often used in conjunction with TAXII (Trusted Automated Exchange of Indicator Information), which is a protocol and transport mechanism that enables the secure and automated communication of STIX data. TAXII defines how to request, send, receive, and store STIX data using standard methods and formats, such as HTTPS, JSON, and XML. TAXII supports various exchange models, such as hub-and-spoke, peer-to-peer, or subscription-based. TAXII enables the interoperability and scalability of threat intelligence sharing among different systems and organizations.

Contextual awareness is the ability to collect and analyze information about the network environment, such as users, devices, applications, threats, and vulnerabilities, and use it to enhance security policies and actions. Cisco Firepower is a network security device that supports contextual awareness by providing real-time visibility into network traffic and activity, security intelligence from Cisco Talos and other sources, and advanced threat protection with Cisco AMP and sandboxing. Cisco Firepower can also leverage Cisco pxGrid to share contextual data with other security solutions, such as SIEM and TD platforms, to enable faster and more accurate threat detection and response123 References := 1: Cisco Firepower NGIPS Data Sheet - Cisco 2: Cisco Identity Services Engine with Integrated Security Information and Event Management and Threat Defense Platforms At-a-Glance - Cisco 3: A Visibility-Driven Approach to Next-Generation Firewalls