Exactprep 350-701 Questions

 Firepower NGIPS inline deployment mode is a mode where the NGIPS device is placed in the traffic path and can take actions such as blocking, modifying, or redirecting traffic based on the policies and rules. In this mode, the NGIPS device must have inline interface pairs configured, which are pairs of physical or logical interfaces that act as a single logical interface. The inline interface pairs are connected to the network devices on both sides of the NGIPS device, and the traffic flows through the NGIPS device from one interface to the other. The NGIPS device can inspect and modify the traffic as it passes through the inline interface pairs12. References := 1: Firepower Management Center Configuration Guide, Version 6.6 - Device Management Basics 2: Configure FTD Interfaces in Inline-Pair Mode

Explanation

A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

Buffer overflow is a vulnerability in low level codes of C and C++. An attacker can cause the program to crash, make data corrupt, steal some private information or run his/her own code. It basically means to access any buffer outside of it’s alloted memory space. This happens quite frequently in the case of arrays.

Cisco Security Intelligence is a feature that allows you to block or monitor traffic based on IP addresses or domain names that are known to be malicious or suspicious. Cisco Security Intelligence requires a Protect license on the Cisco Next Generation Intrusion Prevention System (NGIPS), which is part of the Firepower Threat Defense (FTD) software. A Protect license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering1. The other license options (control, malware, and URL filtering) do not enable Cisco Security Intelligence on the NGIPS. References:

• Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, section “Security Intelligence”
• Firepower Management Center Configuration Guide, Version 6.0, section “Licensing the Firepower System”