Free Cisco 350-701 Practice Exam with Questions & Answers | Set: 13

Explanation

An example of configuring a NetFlow exporter is shown below:

flow exporter Exporter

destination 192.168.100.22

transport udp 2055

 To configure a flow-export action on a Cisco ASA, you need to use the flow-export event-type command and the policy-map command. The flow-export event-type command specifies the type of events that trigger the export of NetFlow Security Event Logging (NSEL) records to a collector. The policy-map command creates or modifies a policy map that can be applied to one or more interfaces to specify a service policy. A service policy consists of a traffic class and one or more actions to be applied to the traffic class. One of the actions can be a flow-export action that matches the NSEL events and sends them to a collector. The other commands are not required for configuring a flow-export action. The access-list command creates or modifies an access list that can be used to filter traffic or match traffic classes, but it is not mandatory for a flow-export action. The flow-export template timeout-rate command specifies how often the ASA sends the template to the collector, but it is not part of the flow-export action configuration. The access-group command applies an access list to an interface, but it is not related to the flow-export action. References:

Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6 - Configuring Network Secure Event Logging (NSEL)

Solved: Flow-Export problem - Cisco Community

How to configure NetFlow on Cisco ASA firewalls - Auvik Support

Configuring Cisco’s ASA for NSEL Export to the StealthWatch System

Explanation

Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall. It protects your employees even when they are off the VPN.

Explanation

Because MAB uses the MAC address as a username and password, you should make sure that the RADIUS server can differentiate MAB requests from other types of requests for network access. This precaution will prevent other clients from attempting to use a MAC address as a valid credential. Cisco switches uniquely

identify MAB requests by setting Attribute 6 (Service-Type) to 10 (Call-Check) in a MAB Access-Request

message. Therefore, you can use Attribute 6 to filter MAB requests at the RADIUS server.

Cisco Tetration, which is a hybrid-cloud workload protection platform that uses machine learning, behavior analysis, and algorithmic approaches to secure compute instances in both the on-premises data center and the public cloud1. Cisco Tetration can process behavior baselines, monitor for deviations, and review for malicious processes in data center traffic and servers while performing software vulnerability detection. It can also provide zero-trust microsegmentation, proactive identification of security incidents, and reduction of the attack surface1. The other options are not correct because they do not offer the same level of workload protection as Cisco Tetration. Cisco ISE is an identity and access control platform that provides secure network access, endpoint compliance, and device administration2. Cisco AMP for Network is a network-based malware prevention solution that detects and blocks malicious files and URLs before they reach the endpoints3. Cisco AnyConnect is a VPN client that provides secure remote access, endpoint visibility, and posture enforcement4. References:

1: Cisco Secure Workload Platform Data Sheet

2: Cisco Identity Services Engine Data Sheet

3: Cisco Advanced Malware Protection for Networks Data Sheet

4: Cisco AnyConnect Secure Mobility Client Data Sheet

Cross-site scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious code into a web page that is viewed by other users. XSS can compromise the user’s interaction with the web application, steal sensitive data, perform unauthorized actions, and more. To prevent XSS, web developers need to apply various defensive techniques to ensure that user-supplied data is not interpreted as code by the browser. Two of these techniques are:

Incorporate contextual output encoding/escaping: This means that any user-supplied data that is displayed on the web page should be properly encoded or escaped according to the context where it appears. For example, if the data is inserted into an HTML attribute, it should be HTML attribute encoded; if the data is inserted into a JavaScript string, it should be JavaScript string encoded; and so on. This prevents the data from breaking out of its intended context and being executed as code by the browser. Output encoding should be done by using a reliable library or framework that supports different contexts and encodings.

Run untrusted HTML input through an HTML sanitization engine: This means that any user-supplied data that is intended to contain HTML markup should be filtered and validated by a sanitization engine that removes or escapes any potentially dangerous elements, attributes, or scripts. This prevents the attacker from injecting malicious HTML code that can execute scripts, load external resources, redirect the user, or perform other malicious actions. HTML sanitization should be done by using a well-tested and maintained library or framework that follows the best practices and standards for HTML filtering.

References :=

[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the Cloud, Lesson 5.2: Web Application Security, Topic 5.2.2: Cross-Site Scripting (XSS)

Cross Site Scripting Prevention Cheat Sheet - OWASP

What is cross-site scripting (XSS) and how to prevent it? - Web Security Academy

 Platform as a Service (PaaS) is a cloud service model that delivers and manages all the hardware and software resources to develop applications through the cloud. The service provider is responsible for the infrastructure, middleware, runtime, and operating system, while the customer only has to focus on the application and data. PaaS enables the customer to avoid the hassle of patching, updating, or maintaining the operating system, as well as the underlying hardware and network12. Infrastructure as a Service (IaaS) is a cloud service model that delivers on-demand infrastructure resources, such as compute, storage, networking, and virtualization, to the customer via the cloud. The service provider hosts and manages the infrastructure, but the customer is responsible for the operating system, middleware, virtual machines, and any apps or data. IaaS requires the customer to handle the patch management of the operating system, as well as the security and configuration of the virtual machines34. References := 1: Use platform as a service (PaaS) options - Azure Architecture Center 2: What is Platform-as-a-Service (PaaS)? - Cloudflare 3: PaaS vs IaaS vs SaaS: What’s the difference? | Google Cloud 4: SaaS vs PaaS vs IaaS: What’s The Difference & How To Choose – BMC Software | Blogs

Explanation

Cisco Context Directory Agent (CDA) is a mechanism that maps IP Addresses to usernames in order to allow

security gateways to understand which user is using which IP Address in the network, so those security

gateways can now make decisions based on those users (or the groups to which the users belong to).

CDA runs on a Cisco Linux machine; monitors in real time a collection of Active Directory domain controller (DC) machines for authentication-related events that generally indicate user logins; learns, analyzes, and caches mappings of IP Addresses and user identities in its database; and makes the latest mappings available to its consumer devices.

Cross-site scripting (XSS) is the method of attack that is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim’s web browser executes the code. XSS is a type of injection attack that exploits the lack of input validation or output encoding in a web application. An attacker can craft a malicious script and embed it in a web page or a URL that is sent to the user. When the user visits the web page or clicks the URL, the script is executed by the user’s browser, which may not be able to distinguish it from legitimate code. The script can then perform various actions, such as stealing cookies, session tokens, or other sensitive information, redirecting the user to a malicious site, or performing actions on behalf of the user12. The other options are not correct, because they are not methods of attack that use web applications to execute malicious code on the user’s browser. Buffer overflow is a type of attack that exploits a memory vulnerability in a program or system, where an attacker can overwrite the memory beyond the allocated buffer and execute arbitrary code3. Browser WGET is a command-line tool that can be used to download files from the web, but it is not an attack method by itself4. SQL injection is a type of attack that exploits a database vulnerability in a web application, where an attacker can inject malicious SQL statements into a user input field and execute them on the database server5. References:

1: What is Cross-Site Scripting (XSS)? - Cisco

2: Cross-Site Scripting (XSS) - OWASP

3: What is a Buffer Overflow? - Cisco

4: GNU Wget 1.21.1 Manual

5: What is SQL Injection (SQLi)? - Cisco

According to the NIST 800-145 guide1, a community cloud is a cloud infrastructure that is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. A community cloud is different from a hybrid cloud, which is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). A private cloud is a cloud infrastructure that is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. A public cloud is a cloud infrastructure that is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. References :=

Some possible references are:

1: NIST SP 800-145, The NIST Definition of Cloud Computing, 1 2: Evaluation of Cloud Computing Services Based on NIST SP 800-145, 3 3: What Is Community Cloud? Definition, Architecture, Examples, and Best Practices, 6

Explanation

Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.