350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Explanation

The profiling service issues the change of authorization in the following cases:

– Endpoint deleted—When an endpoint is deleted from the Endpoints page and the endpoint is disconnected

or removed from the network.

An exception action is configured—If you have an exception action configured per profile that leads to an

unusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to the

corresponding static profile by issuing a CoA.

– An endpoint is profiled for the first time—When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.

+ An endpoint identity group has changed—When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy.

The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:

++ The endpoint identity group changes for endpoints when they are dynamically profiled

++ The endpoint identity group changes when the static assignment flag is set to true for a dynamic endpoint – An endpoint profiling policy has changed and the policy is used in an authorization policy—When an endpoint profiling policy changes, and the policy is included in a logical profile that is used in an authorization policy. The endpoint profiling policy may change due to the profiling policy match or when an endpoint is statically assigned to an endpoint profiling policy, which is associated to a logical profile. In both the cases, the profiling service issues a CoA, only when the endpoint profiling policy is used in an authorization policy.

Cross-site scripting (XSS) is the method of attack that is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim’s web browser executes the code. XSS is a type of injection attack that exploits the lack of input validation or output encoding in a web application. An attacker can craft a malicious script and embed it in a web page or a URL that is sent to the user. When the user visits the web page or clicks the URL, the script is executed by the user’s browser, which may not be able to distinguish it from legitimate code. The script can then perform various actions, such as stealing cookies, session tokens, or other sensitive information, redirecting the user to a malicious site, or performing actions on behalf of the user12. The other options are not correct, because they are not methods of attack that use web applications to execute malicious code on the user’s browser. Buffer overflow is a type of attack that exploits a memory vulnerability in a program or system, where an attacker can overwrite the memory beyond the allocated buffer and execute arbitrary code3. Browser WGET is a command-line tool that can be used to download files from the web, but it is not an attack method by itself4. SQL injection is a type of attack that exploits a database vulnerability in a web application, where an attacker can inject malicious SQL statements into a user input field and execute them on the database server5. References:

1: What is Cross-Site Scripting (XSS)? - Cisco

2: Cross-Site Scripting (XSS) - OWASP

3: What is a Buffer Overflow? - Cisco

4: GNU Wget 1.21.1 Manual

5: What is SQL Injection (SQLi)? - Cisco

Explanation

A destination list is a list of internet destinations that can be blocked or allowed based on the administrative

preferences for the policies applied to the identities within your organization. A destination is an IP address

(IPv4), URL, or fully qualified domain name. You can add a destination list to Umbrella at any time; however, a

destination list does not come into use until it is added to a policy.

Explanation

The purpose of above commands is to redirect traffic that matches the ACL “redirect-acl” to the Cisco

FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and

any other actions that are applied by policy are performed, the traffic is returned to the ASA for further

processing and ultimate transmission.

The command “service-policy global_policy global” applies the policy to all of the interfaces.

 MAB is a fallback authentication method for devices that do not support 802.1X. When MAB is enabled on a switchport, the switch will first try 802.1X and if it fails, it will use the MAC address of the device as the username and password to authenticate it with a RADIUS server. The RADIUS server must have a database of MAC addresses that are allowed on the network. MAB can also support dynamic VLAN assignment and ACLs from the RADIUS server. MAB is not a very secure method because MAC addresses can be easily spoofed or changed. Therefore, MAB should be used with caution and only for devices that cannot use 802.1X. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Securing Networks with Cisco Firepower Next Generation Firewall, Lesson 3.2: Deploying Cisco Firepower Next-Generation Firewall, Topic 3.2.2: 802.1X and MAB

MAC Authentication Bypass Deployment Guide, Cisco, MAB Overview, What is MAB?

MAC Authentication Bypass (MAB), NetworkLessons.com, How MAB Works

MAC-based authentication (MAB), RADIUSaaS Docs, How it works

MAC authentication and username/password, Cisco Community, Answer by hslai

The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305.

Cisco strongly recommends that you keep the default settings for the remote management port, but if the

management port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other.