CCNP Security 350-701 Cisco Study Notes

Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets on untrusted interfaces by comparing the MAC address to IP address bindings in the DHCP snooping database or an ARP access-list. If the ARP packet contains invalid or spoofed information, it is dropped and logged. DAI also inspects ARP packets on trusted interfaces, but it does not drop them if they are invalid. Instead, it forwards them to the destination without validation. This allows the switch to support devices that use static IP addresses or have legitimate reasons to send ARP packets with different MAC address to IP address bindings. However, this also means that if a spoofed ARP packet is received on a trusted interface, it will bypass the DAI validation and be forwarded to the destination. This could allow an attacker to poison the ARP cache of other devices and perform a man-in-the-middle attack. Therefore, the correct answer is option B. The switch drops the packet after validation by using the IP & MAC Binding Table. References:

Understanding and Configuring Dynamic ARP Inspection

DAI (Dynamic ARP Inspection)

Dynamic ARP Inspection (DAI) Explanation & Configuration

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

Explanation

The purpose of above commands is to redirect traffic that matches the ACL “redirect-acl” to the Cisco

FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and

any other actions that are applied by policy are performed, the traffic is returned to the ASA for further

processing and ultimate transmission.

The command “service-policy global_policy global” applies the policy to all of the interfaces.

AAA stands for Authentication, Authorization, and Accounting. It is a framework that provides security to network resources by controlling who can access them (authentication), what they can do (authorization), and what actions they perform (accounting). AAA can be implemented by using the local database of the device or by using an external server such as Cisco ISE (Identity Services Engine).

The question asks which configuration item makes it possible to have the AAA session on the network. A session is a logical connection between a user and a network device. A session can be initiated by various methods, such as console, telnet, SSH, PPP, etc. Each session can have different AAA policies applied to it, depending on the method list configured for that session.

A method list is a set of rules that define the authentication, authorization, and accounting methods to be used for a particular session. A method list can be named or default. A named method list is applied to a specific session by using the login, authorization, or accounting keyword followed by the name of the method list. A default method list is applied to all sessions that do not have a named method list configured.

The configuration item that makes it possible to have the AAA session on the network is the aaa authorization network default group ise command. This command configures a default method list for network authorization, which is the process of determining the network services and attributes that a user is allowed to access after authentication. The command specifies that the network authorization method is group, which means that the device will use an external server (such as Cisco ISE) to obtain the authorization information for the user. The command also specifies that the name of the server group is ise, which means that the device will use the server group defined by the aaa group server radius ise command.

The other options are incorrect because they do not configure a default method list for network authorization. Option A configures a named method list for login authentication, which is the process of verifying the identity of the user. Option B configures a default method list for enable authentication, which is the process of verifying the identity of the user who wants to enter the privileged EXEC mode. Option D configures a default method list for exec authorization, which is the process of determining the commands and features that a user can access in the EXEC mode. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1: Describing Information Security Concepts

Configure Basic AAA on an Access Server, General AAA Configuration, Authentication Configuration, Authorization Configuration

AAA (Authentication, Authorization and Accounting) - GeeksforGeeks, AAA implementation, ACS server

Cisco Tetration is a hybrid-cloud workload protection platform that secures compute instances in both the on-premises data center and the public cloud1. One of the benefits of using Cisco Tetration is that it collects telemetry data from servers and then uses software sensors to analyze flow information2. This allows Cisco Tetration to provide comprehensive visibility into every workload interaction and powerful AI/ML driven automation2. By analyzing the flow information, Cisco Tetration can also generate microsegmentation policies, detect workload behavior anomalies, identify software vulnerabilities, and monitor policy compliance23. References: 1: Cisco Secure Workload (formerly Tetration) FAQ 2: Cisco Secure Workload Platform Data Sheet 3: Cisco Tetration Platform - Cisco