350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

ZBFW stands for Zone-Based Firewall, which is a feature that allows unidirectional application of IOS firewall policies between groups of interfaces known as zones. Interfaces are assigned to zones, and firewall rules are applied to specific types of traffic moving in one direction between the zones. ZBFW enforces a secure inter-zone policy by default, meaning traffic cannot pass between security zones until an explicit policy allowing that traffic is defined. The zone itself is an abstraction of multiple interfaces with the same or similar security requirements that can be logically grouped together. ZBFW is CBAC’s replacement and offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic. ZBFW is supported on IOS devices running 12.4(6)T or later, and ASR devices running 12.2(33) or later. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing the Cloud, Lesson 4.1: Introducing Cisco Cloud Services Router 1000V Series, Topic 4.1.2: Zone-Based Firewall

Understand the Zone-Based Policy Firewall Design

Managing Zone-based Firewall Rules

Zone Based Firewall Overview

CBAC vs. Zone-based firewall

Cisco Umbrella and Cisco Duo Security are two solutions that help combat social engineering and phishing at the endpoint level. Cisco Umbrella is a cloud-based security platform that provides DNS-layer security, web filtering, and threat intelligence to protect users from malicious websites and domains. Cisco Duo Security is a multi-factor authentication (MFA) solution that verifies the identity of users and the health of their devices before granting access to applications. Both solutions help prevent attackers from compromising endpoints and stealing credentials or data through phishing or other social engineering techniques. References:

Cisco Umbrella

Cisco Duo Security

Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 3: Cloud and Content Security

The reason for the failure is that detections for MD5 signatures must be configured in the advanced custom detection policies, not in the simple detection policy section. The simple detection policy section allows users to create a list of SHA-256 hashes of files that they want to block or quarantine on the endpoints. The SHA-256 hash is a more secure and unique identifier of a file than the MD5 hash, which can have collisions or duplicates. The advanced custom detection policy section allows users to create more complex and flexible rules to detect and block files based on various criteria, such as file name, size, type, signature, or MD5 hash. The advanced custom detection policy section also supports wildcards and regular expressions to match multiple files or patterns. Therefore, if the administrator wants to add specific MD5 signatures to the custom detection policy, they should use the advanced custom detection policy section instead of the simple detection policy section.

 To prevent rogue NTP servers from inserting themselves as the authoritative time source, the administrator needs to configure NTP authentication and specify the interface for syncing to the NTP server. NTP authentication allows the ASA to verify the identity and integrity of the NTP packets received from the server, using a shared secret key. Specifying the interface for syncing to the NTP server ensures that the ASA uses the correct source address for sending and receiving NTP packets, and avoids potential routing issues. The other options are not required or relevant for this task. Specifying the NTP version is optional and does not affect security. Configuring the NTP stratum is only applicable for NTP servers, not clients. The ASA can only act as an NTP client, not a server. Setting the NTP DNS hostname is not recommended, as it introduces a dependency on DNS resolution and may cause synchronization problems if the DNS server changes the IP address of the NTP server. References :=

Some possible references are:

Configure NTP Authentication on Secure Network Analytics

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.6 - Basic Settings

Cisco ASA NTP and Clock Configuration with Examples

The Python script in the exhibit uses the Cisco AMP for Endpoints API to get information about the computers in the deployment. It imports the requests library, which allows it to make HTTP requests. It then defines three variables: client_id, api_key, and url. These are used to authenticate and access the API endpoint. The url is set to ‘1’, which returns a list of computers in JSON format. The script then makes a GET request using the requests.get() method, passing the url and the authentication details as parameters. The response from the API is stored in the response variable, and converted to JSON using the response.json() method. The script then loops over each computer in the ‘data’ field of the JSON response, using a for loop. Inside the loop, it extracts the hostname of each computer using the ‘hostname’ key, and prints it using the print() function. Therefore, the script will pull all computer hostnames and print them, which is option C. References:

Overview of the Cisco AMP for Endpoints API

Secure Endpoint API - Cisco DevNet

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0