350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Explanation

Explanation

DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move

security activities to the start of the development life cycle and have built-in security practices in the continuous

integration/continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing security closer

to IT and business objectives.

Three key things make a real DevSecOps environment:

+ Security testing is done by the development team.

+ Issues found during that testing is managed by the development team.

+ Fixing those issues stays within the development team.

the routing of traffic through the Cisco Umbrella network is to browse to http://welcome.umbrella.com/. This URL will display a message that confirms whether the new network identity is working or not. If the message says “You’re protected by Cisco Umbrella”, then the traffic is being routed correctly. If the message says “You’re not using Cisco Umbrella”, then the traffic is not being routed correctly and the configuration needs to be checked. The other options are not valid actions to test the routing. Option A is incorrect because the client computers should point to the Cisco Umbrella DNS servers, not the on-premises DNS servers. Option B is incorrect because the Intelligent Proxy is a feature that selectively intercepts and proxies web requests for deeper inspection, not a tool to test the routing. Option C is incorrect because adding the public IP address to a Core Identity is a way to identify the network, not a way to test the routing. References:

How To: Successfully test to ensure you’re running Umbrella correctly

Add a Network Identity

Cisco Tetration, which is a hybrid-cloud workload protection platform that uses machine learning, behavior analysis, and algorithmic approaches to secure compute instances in both the on-premises data center and the public cloud1. Cisco Tetration can process behavior baselines, monitor for deviations, and review for malicious processes in data center traffic and servers while performing software vulnerability detection. It can also provide zero-trust microsegmentation, proactive identification of security incidents, and reduction of the attack surface1. The other options are not correct because they do not offer the same level of workload protection as Cisco Tetration. Cisco ISE is an identity and access control platform that provides secure network access, endpoint compliance, and device administration2. Cisco AMP for Network is a network-based malware prevention solution that detects and blocks malicious files and URLs before they reach the endpoints3. Cisco AnyConnect is a VPN client that provides secure remote access, endpoint visibility, and posture enforcement4. References:

1: Cisco Secure Workload Platform Data Sheet

2: Cisco Identity Services Engine Data Sheet

3: Cisco Advanced Malware Protection for Networks Data Sheet

4: Cisco AnyConnect Secure Mobility Client Data Sheet

Explanation

Cisco Context Directory Agent (CDA) is a mechanism that maps IP Addresses to usernames in order to allow

security gateways to understand which user is using which IP Address in the network, so those security

gateways can now make decisions based on those users (or the groups to which the users belong to).

CDA runs on a Cisco Linux machine; monitors in real time a collection of Active Directory domain controller (DC) machines for authentication-related events that generally indicate user logins; learns, analyzes, and caches mappings of IP Addresses and user identities in its database; and makes the latest mappings available to its consumer devices.

Explanation

FlexVPN supports IKEv2 -> Answer A is not correct.

DMVPN supports both IKEv1 & IKEv2 -> Answer B is not correct.

FlexVPN support multiple SAs -> Answer D is not correct.

 Cisco Web Security Appliance (WSA) is the platform that automatically blocks risky sites, and tests unknown sites for hidden advanced threats before allowing users to click them, using Cisco Cognitive Threat Analytics. Cisco Cognitive Threat Analytics is a cloud-based solution that reduces the time to discovery of threats operating inside the network by analyzing web traffic and detecting anomalous behavior. Cisco WSA integrates with Cisco Cognitive Threat Analytics to provide enhanced web security and breach detection. Cisco WSA can also leverage other Cisco security solutions, such as Cisco Umbrella, Cisco Advanced Malware Protection (AMP), and Cisco Talos Intelligence Group, to provide comprehensive web security. References:

Cisco Web Security Appliance (WSA)

Cisco Cognitive Threat Analytics At-a-Glance

Introducing Cisco Cognitive Threat Analytics

Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 3: Cloud and Content Security

When a transparent authentication fails on the Web Security Appliance (WSA), the end user gets blocked access. This means that the user cannot access any web resources until they successfully authenticate. The WSA can use different methods to authenticate users transparently, such as Transparent User Identification (TUI), Transparent Identification, or Kerberos1. If none of these methods work, the WSA will send a block page to the user with a message explaining why the authentication failed and how to resolve the issue2. The block page can be customized by the administrator to provide more information or instructions to the user3.

References := 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing the Cloud, Lesson 4.3: Cloud Application Security, Topic 4.3.2: Cisco Umbrella, page 4-59. 2: User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment), Chapter: Acquire End-User Credentials, Topic: Failed Authentication Credentials, page 4-67. 3: User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment), Chapter: Customize End-User Notifications, Topic: Customize Block Pages, page 5-1.