CCNP Security 350-701 Release Date

Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) are both important components of an endpoint security strategy, but they have different goals and capabilities. EPP is designed to act as a preventive security measure, blocking known and unknown malware and malicious activity on endpoint devices using various techniques such as antivirus, data encryption, and data loss prevention. EPP solutions are mainly cloud-managed and assisted by cloud data, and use multiple detection engines such as signature-based, machine learning, and behavioral analysis. EPP solutions prevent breaches by leveraging threat intelligence and sandboxing capabilities to continuously protect endpoints from emerging threats12.

EDR, on the other hand, focuses on detecting and responding to advanced threats that have already evaded the front-line defenses and infiltrated the environment. EDR solutions provide continuous and comprehensive visibility into endpoint activity in real time, allowing security teams to quickly and effectively identify and remediate cyberattacks such as ransomware and fileless malware. EDR solutions offer advanced threat detection, investigation, and response capabilities, including incident data search and investigation, alert triage, suspicious activity validation, threat hunting, and malicious activity detection and containment. EDR solutions serve as a safety net to capture threats that go undetected by traditional antivirus software and uncover incidents that would otherwise remain invisible34.

Therefore, the primary difference between an EPP and an EDR is that EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. References: 1: Endpoint Protection Platform (EPP) Definition - Cisco 2: EPP vs. EDR: Why You Need Both - CrowdStrike 3: Endpoint Detection and Response (EDR) Definition - Cisco 4: EDR vs EPP: Why Should You Have to Choose? - Check Point Software

SQL injection attacks are a type of code injection technique that exploit the use of dynamic SQL queries in web applications. Attackers can inject malicious SQL statements into user input fields, such as login forms, search boxes, or URLs, and execute them on the underlying database. This can result in unauthorized access, data theft, data corruption, or denial of service.

To prevent SQL injection attacks, web developers should use the following techniques:

• Use prepared statements and parameterized queries: Prepared statements are SQL queries that are precompiled and executed with user-supplied parameters. Parameterized queries are SQL queries that use placeholders for user input and bind them to actual values at runtime. Both techniques separate the SQL code from the user input, making it impossible for attackers to inject SQL commands into the query. For example, in Java, PreparedStatement is a class that implements parameterized queries. In PHP, PDO and mysqli are extensions that support prepared statements.
• Block SQL code execution in the web application database login: Web applications should use a dedicated database user account with limited privileges to connect to the database. This account should only have the permissions necessary to perform the required operations, such as select, insert, update, or delete. It should not have the permissions to execute arbitrary SQL commands, such as create, drop, alter, grant, or revoke. This way, even if an attacker manages to inject SQL code into the query, the database will reject it due to insufficient privileges.

References:

• [Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the Cloud, Lesson 5.2: Cloud Application Security, Topic 5.2.2: SQL Injection
• SQL Injection Prevention - OWASP Cheat Sheet Series
• How to Prevent SQL Injection: 5 Key Prevention Methods - eSecurityPlanet
• How to Protect Against SQL Injection Attacks

ExplanationCisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations – before a connection is ever made. Thus it can protect from phishing attacks by blocking suspicious domains when users click on the given links that an attacker sent. Cisco Umbrella roaming protects your employees even when they are off the VPN.

RADIUS Change of Authorization (CoA) is a feature of Cisco ASA that allows VPN users to be postured against Cisco ISE without requiring an inline posture node. RADIUS CoA enables the ISE to send a message to the ASA to change the authorization attributes of an existing VPN session, such as the assigned IP address, ACL, or group policy. This way, the ISE can dynamically adjust the access level of the VPN user based on the posture assessment results, without the need for an intermediate device to enforce the policy change12. RADIUS CoA is supported by the ASA since version 9.2.13. References: 1: ASA Version 9.2.1 VPN Posture with ISE Configuration Example - Cisco 2: How To: ISE and ASA Integration using CoA for Posture - Cisco Community 3: How To Configure Posture with AnyConnect Compliance … - Cisco CommunityQUESTION NO: 94

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?(Choose two)A. multiple factor authB. local web authC. single sign-onD. central web authE. TACACS+

Answer: B, D

 Local web authentication (LWA) and central web authentication (CWA) are two mechanisms that are used to redirect users to a web portal to authenticate to ISE for guest services. Both methods involve the use of a redirect access control list (ACL) that allows the user to access only the web portal URL and blocks all other traffic until the user is authenticated. The difference between LWA and CWA is where the web portal and the authentication logic are hosted.

• LWA: The web portal and the authentication logic are hosted on the wireless LAN controller (WLC). The WLC sends a RADIUS access-accept message to the network access device (NAD) along with the redirect ACL and the web portal URL. The NAD then redirects the user to the web portal on the WLC, where the user enters their credentials. The WLC verifies the credentials with the ISE and grants or denies access to the user. The advantage of LWA is that it does not require any configuration on the ISE, but the disadvantage is that it does not support advanced features such as posture assessment, profiling, or authorization policies.
• CWA: The web portal and the authentication logic are hosted on the ISE. The WLC sends a RADIUS access-challenge message to the NAD along with the redirect ACL and the web portal URL. The NAD then redirects the user to the web portal on the ISE, where the user enters their credentials. The ISE verifies the credentials and sends a RADIUS access-accept message to the WLC with the authorization profile and the final ACL. The WLC then applies the authorization profile and the final ACL to the user session. The advantage of CWA is that it supports advanced features such as posture assessment, profiling, or authorization policies, but the disadvantage is that it requires more configuration on the ISE.

References :=

• Configure Guest Access
• Web Authentication Redirection to Original URL
• Configure Local Web Authentication with External Authentication