350-701 Questions Bank

 Cisco Advanced Phishing Protection (AAP) is a solution that adds sophisticated machine learning capabilities to Cisco Email Security to block advanced identity deception attacks for inbound email by assessing its threat posture1. It also uses both global and local telemetry data combined with analytics and modeling to validate the reputation and authenticity of senders2. AAP provides sender authentication and BEC detection capabilities, and uses advanced machine learning techniques, real-time behavior analytics, relationship modeling and telemetry to protect against identity deception–based threats3.

In two ways, the Cisco Advanced Phishing Protection solution protects users:

• It prevents use of compromised accounts and social engineering. AAP detects and blocks phishing emails that attempt to impersonate legitimate senders, such as executives, partners, or customers, and trick users into revealing sensitive information or transferring funds. AAP analyzes the sender’s identity, behavior, and relationship with the recipient, and assigns a risk score to the email. If the email is deemed suspicious or malicious, AAP can quarantine it, flag it, or deliver it with a warning4.
• It automatically removes malicious emails from users’ inbox. AAP provides retrospective analysis and remediation capabilities, which means that it can identify and remove emails that were initially delivered but later found to be malicious. AAP leverages the Cisco Talos threat intelligence network and the Sensor-based solution to continuously monitor the threat landscape and update the email disposition accordingly. If an email is reclassified as malicious, AAP can automatically delete it from the users’ inbox, or notify the administrator or the user to take action45.

The other options are incorrect because they do not accurately describe the functions of AAP. AAP does not prevent all zero-day attacks coming from the Internet, as it focuses on phishing and identity deception attacks. AAP does not prevent trojan horse malware using sensors, as sensors are used to collect and analyze email data, not to block malware. AAP does not secure all passwords that are shared in video conferences, as it is not related to video conferencing security. Therefore, the correct answer is A and C. References:

• Cisco’s Security Innovations to Protect the Endpoint and Email
• Cisco Advanced Phishing Protection - Cisco Video Portal
• Cisco Advanced Phishing Protection At A Glance - AVANTEC
• User Guide for Cisco Advanced Phishing Protection
• Cisco Secure Email Threat Defense - Cisco
• Integrating the Email Gateway with Cisco Advanced Phishing Protection

Cisco Umbrella allows you to create custom destination lists that contain specific domains or IP addresses that you want to allow or block. You can then apply these destination lists to your policies to override the default behavior of Umbrella. For example, if you want to block specific addresses using Cisco Umbrella, you can create a destination list with those addresses and set the action to block. Then, you can assign this destination list to the policy that you want to modify. This way, any request to those addresses will be blocked by Umbrella, regardless of the content category or application settings12 References := 1: Manage Policies - Umbrella User Guide 2: Understanding Destination lists supported entries and error messages - Cisco Umbrella

Cisco FMC is assigned the role of a client in the pxGrid ecosystem. A client is a partner that subscribes to the contextual data published by other partners or by ISE. A client can also publish its own data, but it does not have to. A client can use the contextual data to enforce security policies, perform threat analysis, or provide visibility. Cisco FMC can subscribe to various topics from ISE or other partners, such as user identity, session directory, endpoint profile, SGT mapping, threat events, or vulnerability assessment. Cisco FMC can also publish its own threat events to ISE or other partners. Cisco FMC can use the contextual data to apply access control rules, correlation policies, or network discovery policies based on the attributes of the users, endpoints, or sessions12.

The other options are not correct because they are not the roles assigned for Cisco FMC. A server is a partner that publishes contextual data to other partners or to ISE. A server can also subscribe to data, but it does not have to. A server can provide valuable information about the network, such as device inventory, configuration, or compliance. An example of a server is Cisco Prime Infrastructure3. A controller is the core component of the pxGrid ecosystem that manages the communication, authentication, and authorization between the partners. The controller is always ISE, and it is responsible for creating and maintaining the pxGrid domain, distributing the certificates, and facilitating the data exchange4. A publisher is a partner that publishes contextual data to other partners or to ISE, but does not subscribe to any data. A publisher can provide useful information about the network, such as security events, alerts, or incidents. An example of a publisher is Cisco Stealthwatch. References :=

• Integrate FMC with ISE using pxGrid | Blue Network Security
• How To: Integrate Firepower Management Center (FMC) 6 … - Cisco Community
• Cisco Prime Infrastructure and ISE pxGrid Integration - Cisco
• pxGrid Overview - Cisco
• [Cisco Stealthwatch and ISE pxGrid Integration - Cisco]

Cisco Defense Orchestrator (CDO) is a cloud-based management solution that allows you to manage security policies and device configurations with ease across multiple Cisco and cloud-native security platforms. CDO centrally manages elements of policy and configuration across Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS1. CDO also provides visibility, automation, and orchestration capabilities to simplify and unify security operations2. The other options are not cloud security software that can centrally manage policies on multiple platforms. Cisco Configuration Professional is a device management tool for Cisco routers and switches. Cisco Secureworks is a security services provider that offers threat intelligence and incident response. Cisco DNAC is a network controller that automates and assures services across campus, branch, and edge networks. References :=

• Cisco Defense Orchestrator Data Sheet
• Cisco Defense Orchestrator