Cisco 350-701 - Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

The intelligent proxy is a feature of Cisco Umbrella that allows it to selectively inspect and proxy web requests for domains that are classified as risky or potentially malicious. These domains may contain both safe and harmful content, and the intelligent proxy can filter out the malicious files or URLs while allowing the benign ones to pass through. The intelligent proxy can also apply SSL decryption to inspect encrypted traffic and enforce policies based on the content or destination of the web requests. To enable the intelligent proxy, an engineer needs to configure it within the Cisco Umbrella dashboard and select the categories of domains that should be proxied. The categories are based on the domain reputation and security risk, and range from High Risk to Low Risk. The engineer can also customize the list of domains to include or exclude from the intelligent proxy. By configuring the intelligent proxy, the engineer can achieve the objectives of identifying and proxying traffic that is categorized as risky domains and may contain safe and malicious content. References :=

Some possible references are:

Enable the Intelligent Proxy - Umbrella User Guide, Cisco

Manage the Intelligent Proxy - Umbrella User Guide, Cisco

Intelligent Proxy in Cisco Umbrella how it works, Cisco Learning Network

What is the Intelligent Proxy? - MSP User Guide, Cisco

Cisco Umbrella Intelligent Proxy and SSL Decryption implementation, Cisco Community

Traffic storm control is a feature that prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces. Traffic storm control monitors the level of each traffic type for which it is enabled in 1-second intervals and compares it with the configured threshold, which is a percentage of the total available bandwidth of the port. When the ingress traffic reaches the threshold, traffic storm control drops the traffic until the end of the interval. Traffic storm control uses the Individual/Group bit in the packet destination address to determine if the packet is unicast or broadcast. This bit is set to 0 for unicast addresses and 1 for multicast or broadcast addresses. Traffic storm control does not use the source address to classify the traffic type. References := Configuring Traffic Storm Control - Cisco, Understanding Cisco Traffic Storm Control - NetCraftsmen

The Python script in the exhibit uses the Cisco AMP for Endpoints API to get information about the computers in the deployment. It imports the requests library, which allows it to make HTTP requests. It then defines three variables: client_id, api_key, and url. These are used to authenticate and access the API endpoint. The url is set to ‘1’, which returns a list of computers in JSON format. The script then makes a GET request using the requests.get() method, passing the url and the authentication details as parameters. The response from the API is stored in the response variable, and converted to JSON using the response.json() method. The script then loops over each computer in the ‘data’ field of the JSON response, using a for loop. Inside the loop, it extracts the hostname of each computer using the ‘hostname’ key, and prints it using the print() function. Therefore, the script will pull all computer hostnames and print them, which is option C. References:

Overview of the Cisco AMP for Endpoints API

Secure Endpoint API - Cisco DevNet

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

Anycast IP is a component of Cisco umbrella architecture that increases reliability of the service by allowing the same IP address to exist on multiple servers around the world. This way, the user’s request is automatically routed to the nearest and fastest data center, and failover is seamless in case of an outage. Anycast IP also reduces latency and improves performance by using BGP to select the shortest path to the destination12. References := 1: Why Cisco Umbrella uses anycast routing - Cisco Umbrella 2: Cisco Umbrella At a Glance

REST stands for Representational State Transfer, which is an architectural style for designing web services. RESTful web services use HTTP as the application protocol and support the standard HTTP methods, such as GET, PUT, POST, and DELETE, to perform CRUD (Create, Read, Update, Delete) operations on resources. Cisco DNA Center exposes its functionality through a set of RESTful APIs that allow external applications to interact with the network controller and automate various tasks. The RESTful architecture used within Cisco DNA Center has the following characteristics12:

It is simple, extensible, and secure to use. The APIs are based on open standards and use JSON as the data format. The APIs also support HTTPS for secure communication and authentication.

It is stateless, meaning that each request contains all the information necessary to process it, and the server does not store any session or client state. This improves scalability and performance of the web services.

It is resource-oriented, meaning that each API endpoint represents a logical entity or a resource that can be manipulated by the HTTP methods. For example, the /dna/intent/api/v1/network-device endpoint represents the network devices resource, and the GET method can be used to retrieve the list of network devices from Cisco DNA Center.

It is uniform, meaning that the same interface and conventions are used across all the APIs. For example, the APIs use the same authentication mechanism, error handling, pagination, filtering, and sorting parameters. References:

1: Introduction to Cisco DNA Center REST APIs - Cisco DevNet Learning Labs

2: Cisco DNA Center Platform User Guide, Release 2.2.3

 Tetration is the solution that protects hybrid cloud deployment workloads with application visibility and segmentation. Tetration enables a zero-trust model using segmentation, which allows you to identify security incidents faster, contain lateral movement, and reduce your attack surface. Tetration supports both on-premises and public cloud workloads and provides real-time telemetry data, behavior analysis, software inventory, and policy enforcement. Tetration is part of the Cisco Zero Trust portfolio, which also includes solutions for securing the workforce and workplace. References:

Cisco Tetration Platform - Cisco, Topic: Cisco Tetration offers holistic workload protection for multicloud data centers by enabling a zero-trust model using segmentation.

[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the Cloud, Lesson 5.3: Cloud Workload Security, Topic 5.3.1: Tetration

Cisco Zero Trust Tetration, Topic: Tetration provides zero-trust security for workloads as part of the Cisco Zero Trust portfolio.

 A CI/CD pipeline is a process of automating the development, testing, and deployment of software applications. A CI/CD pipeline typically involves multiple tools and stages, such as source code management, build automation, testing, security scanning, and deployment. To secure a CI/CD pipeline, one of the best practices is to avoid hardcoding secrets in config files and CI/CD build tools, and instead use a secure access solution that can authenticate and authorize the access to the pipeline resources.

Duo Network Gateway is a cloud-based solution that provides secure access to internal web applications without requiring a VPN or modifying firewall rules. Duo Network Gateway integrates with Duo’s two-factor authentication (2FA) service to verify the identity of users and devices before granting access to the web applications. Duo Network Gateway also supports single sign-on (SSO) and identity federation with various identity providers, such as Active Directory, Azure AD, Google, and Okta.

By using Duo Network Gateway, you can leverage a CI/CD pipeline without exposing your internal web applications to the internet or compromising security. Duo Network Gateway can protect access to your source code repositories, build servers, testing tools, and deployment platforms. You can also enforce granular access policies based on user roles, device health, location, and time. Duo Network Gateway can help you achieve compliance with industry standards and regulations, such as PCI DSS, HIPAA, and GDPR.

The other options are not as suitable for securing access to a CI/CD pipeline as Duo Network Gateway. A remote access client is a software that allows users to connect to a remote network or server, such as a VPN client. However, a VPN client may not provide sufficient security for a CI/CD pipeline, as it may expose the entire network to potential attacks, or require complex firewall configurations and network segmentation. A VPN client may also introduce performance and reliability issues, as it depends on the quality and availability of the network connection.

SSL WebVPN is a feature of Cisco Adaptive Security Appliance (ASA) that allows users to access web-based resources securely over SSL/TLS. SSL WebVPN can provide secure access to web applications, email, file shares, and other network services. However, SSL WebVPN may not be able to support all the tools and stages of a CI/CD pipeline, as some of them may require non-web protocols, such as SSH, RDP, or VNC. SSL WebVPN may also require additional licenses and hardware resources to support a large number of concurrent users and connections.

Cisco FTD network gateway is a unified platform that combines the features of Cisco ASA and Cisco Firepower. Cisco FTD network gateway can provide firewall, intrusion prevention, malware protection, and VPN services. Cisco FTD network gateway can also integrate with Cisco Identity Services Engine (ISE) to provide identity-based access control and visibility. However, Cisco FTD network gateway may not be the best solution for securing access to a CI/CD pipeline, as it may require complex network design and deployment, and may not support all the CI/CD tools and protocols. Cisco FTD network gateway may also incur additional costs and maintenance efforts.

References := : Secure CI/CD Pipelines: Best Practices for Managing CI/CD Secrets : Duo Network Gateway | Duo Security : VPN vs. Duo Network Gateway | Duo Security : SSL VPN Deployment Guide for Cisco ASA - Cisco : Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7 - VPN Overview [Cisco Firepower NGFW]

L2TP and GRE are both tunneling protocols that can be used to create site-to-site VPNs. However, they have some differences in how they encapsulate and transport data. L2TP is a layer 2 protocol that uses IP packet encapsulation to carry PPP frames over an IP network. L2TP does not add any additional header to the IP packet, but relies on IPsec to provide encryption and authentication. GRE is a layer 3 protocol that adds its own header to the IP packet, which contains information such as the protocol type, checksum, and key. GRE can be used to carry any type of payload over an IP network, not just PPP frames. GRE also requires IPsec to provide security for the tunnel. Therefore, the correct answer is C, because GRE over IPsec adds its own header, and L2TP does not1234 References := 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 - Module 5: Secure Connectivity 2: What is the difference between L2TP vs GRE 3: GRE over IPSec vs L2TP over IPSEC 4: difference between L2TP/GRE/MPLS

Explanation

The Version 1 format was the initially released version. Do not use the Version 1 format unless you are using a legacy collection system that requires it. Use Version 9 or Version 5 export format.

Version 5 export format is suitable only for the main cache; it cannot be expanded to support new features.

Version 8 export format is available only for aggregation caches; it cannot be expanded to support new

features.