Cisco CCNP Security 350-701 New Questions

Transparently identify users with authentication realms – This option is available when one or more authentication realms are configured to support transparent identification using one of the following authentication servers:

Active Directory – Create an NTLM or Kerberos authentication realm and enable transparent user identification. In addition, you must deploy a separate Active Directory agent such as Cisco’s Context Directory Agent. For more information, see Transparent User Identification with Active Directory.

LDAP – Create an LDAP authentication realm configured as an eDirectory, and enable transparent user identification. For more information, see Transparent User Identification with LDAP.

Details:

Asymmetric encryption, also known as public key cryptography, uses two different keys for encryption and decryption: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret. Data encrypted with the public key can only be decrypted with the private key, and vice versa. This ensures that only the intended recipient can access the encrypted data, and that the sender can prove their identity with a digital signature. Asymmetric encryption is widely used for securing Internet communications, such as TLS/SSL, which enables HTTPS. Some examples of asymmetric encryption algorithms are RSA, Diffie-Hellman, and Elliptic Curve Cryptography. The other options are not correct because they do not use a public key and private key. Symmetric encryption uses the same key for encryption and decryption, and is faster and more efficient than asymmetric encryption. However, symmetric encryption requires a secure way to exchange the key between the sender and the receiver, which can be facilitated by asymmetric encryption. Linear and nonlinear encryption are not types of encryption, but rather properties of encryption algorithms. A linear encryption algorithm is one that can be expressed as a linear function, such as XOR. A nonlinear encryption algorithm is one that involves more complex mathematical operations, such as modular arithmetic or S-boxes. Nonlinear encryption algorithms are generally more secure and resistant to cryptanalysis than linear encryption algorithms. References :=

Public-key cryptography - Wikipedia

How does public key cryptography work? - Cloudflare

Public and private encryption keys | PreVeil

AES encryption, what are public and private keys?

Explanation

In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco’s proprietary technologies.

The Cisco WSA supports two main authentication protocols: LDAP and NTLM. LDAP is a protocol for accessing and managing directory information over a network. NTLM is a Windows proprietary protocol that uses a challenge-response mechanism for authentication. The Cisco WSA can use both LDAP and NTLM to authenticate users and apply policies based on their identity. The Cisco WSA does not support WCCP, TLS, or SSL as authentication protocols, although it can use them for other purposes, such as traffic redirection or encryption. References:

User Guide for AsyncOS 11.0 for Cisco Web Security Appliances, Chapter: Acquire End-User Credentials

Cisco Web Security Appliance Best Practices Guidelines, Section: Active authentication

Cisco WSA Authentication, Blog post by Kareem CCIE

Authentication and Authorization, PDF document by Cisco