350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Explanation

A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be performed via 3 main methods:

1. Terminal Enrollment – manual method of performing trustpoint authentication and certificate enrolment using copy-paste in the CLI terminal.

2. SCEP Enrollment – Trustpoint authentication and enrollment using SCEP over HTTP.

3. Enrollment Profile – Here, authentication and enrollment methods are defined separately. Along with terminal and SCEP enrollment methods, enrollment profiles provide an option to specify HTTP/TFTP commands to perform file retrieval from the Server, which is defined using an authentication or enrollment url under the profile.

CoA (Change of Authorization) is a feature that allows ISE to dynamically change the authorization attributes of an endpoint after it has been authenticated. CoA can be triggered by various events, such as posture assessment, profiling, or manual intervention1. There are different types of CoA that ISE can send to the network access device (NAD) to perform different actions on the endpoint session. The CoA type that achieves the goal of forcing an endpoint to re-authenticate without disrupting its session is CoA Reauth. CoA Reauth instructs the NAD to initiate a new RADIUS authentication for the endpoint, which allows ISE to apply a new or updated policy based on the latest attributes of the endpoint2. The other CoA types do not achieve this goal, as they either disconnect the endpoint session or do not change the authorization attributes. Port Bounce causes the NAD to shut down and bring up the port where the endpoint is connected, which effectively disconnects and reconnects the endpoint session2. CoA Terminate causes the NAD to terminate the endpoint session and send an Accounting-Stop message to ISE2. CoA Session Query causes the NAD to send an Accounting-Request message to ISE with the current session information, but does not change the authorization attributes of the endpoint2. References:

Cisco Content Hub - Manage Network Devices, section “CoA Types”

Solved: COA and ISE Clarification - Cisco Community, answer by Tarik Admani

Configuring Profiler Policies [Cisco Identity Services Engine] - Cisco …, section “Change of Authorization”

Explanation

The command “crypto isakmp identity address 172.19.20.24” is not valid. We can only use “crypto isakmp

identity {address | hostname}. The following example uses preshared keys at two peers and sets both their

ISAKMP identities to the IP address.

At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified:

crypto isakmp identity address

crypto isakmp key sharedkeystring address 192.168.1.33

At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified:

crypto isakmp identity address

crypto isakmp key sharedkeystring address 10.0.0.1

Stateful failover means that the connection state information is replicated from the active ASA to the standby ASA, so that in the event of a failover, the connections are preserved and do not need to be reestablished. Stateless failover means that the connection state information is not replicated, so that in the event of a failover, the connections are dropped and need to be reestablished by the end hosts. Stateful failover provides a smoother transition and less disruption to the network traffic, while stateless failover is simpler and less resource-intensive. References:

Failover for High Availability - Cisco

Failover Types / ASA Failover Addresses / Failover Requirements | Cisco …

 A security application that notifies a controller within a software-defined network architecture about a specific security threat is using a northbound API. A northbound API is an interface that enables communication between the SDN controller and the applications or management systems that use the network services1. A security application can use a northbound API to send alerts, requests, or commands to the SDN controller, which can then take appropriate actions on the network devices or policies2. For example, a security application can use a northbound API to inform the SDN controller about a malicious traffic pattern, and the SDN controller can then block or redirect the traffic using a southbound API3.

 1: What is Software-Defined Networking (SDN)? | VMware Glossary 2: Intent-Based Networking’s Next Evolution: The DNA Center Platform - Cisco Blogs 3: Cisco SDN Security: Securing the Software Defined Network - Cisco

Cisco Stealthwatch - rapidly collects and analyzes netflow and telementy data to deliver in-depth visibility and understanding of network traffic

Cisco ISE – obtains contextual identity and profiles for all users and device

Cisco TrustSec – software defined segmentation that uses SGTs

Cisco Umbrella – secure internet gateway ion the cloud that provides a security solution