Selected 350-701 CCNP Security Questions Answers

A virus is a type of malware that infects a computer system by attaching itself to another program or file. Once executed, the virus can replicate itself and spread to other files or systems. A virus can be used to gain unauthorized access to a computer system by exploiting software vulnerabilities, stealing credentials, or installing backdoors. A virus can also cause damage to the system by deleting, modifying, or encrypting data, or consuming system resources. According to the Implementing and Operating Cisco Security Core Technologies (SCOR) course, viruses are one of the most common forms of malware and can be classified into different types based on their behavior, such as boot sector viruses, file infectors, macro viruses, or polymorphic viruses1. References: 1: Implementing and Operating Cisco Security Core Technologies (SCOR) course, Module 1: Malware Analysis, Lesson 1: Malware Types and Characteristics, Topic: Virus.

Cisco FTDv in AWS can be deployed in two different deployment models: single-instance and cluster. In both models, the FTDv can be configured in routed mode and managed by either an FMCv installed in AWS or a physical FMC appliance on premises. The FTDv can also use Geneve encapsulation for traffic interfaces to support AWS Gateway Load Balancer (GWLB) integration. The following table summarizes the supported deployment model configurations for FTDv in AWS:

Table

Deployment Model

Management Mode

Traffic Mode

Geneve Encapsulation

Single-instance

FMCv in AWS

Routed

Optional

Single-instance

FMC on premises

Routed

Optional

Cluster

FMCv in AWS

Routed

Required

Cluster

FMC on premises

Routed

Required

References :=

• Deploy the Threat Defense Virtual on AWS - Cisco
• Deploy a Threat Defense Virtual Cluster on AWS - Cisco
• Configure Geneve Interfaces in Secure FTDv - Cisco
• Deployment of Cisco Secure FTDv and FMCv instances in AWS - Terraform
• Solved: FTD virtual appliance in AWS - Cisco Community

The function of Cisco Cloudlock for data security is data loss prevention (DLP). Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cloudlock’s simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem1. One of the key features of Cloudlock is its DLP technology, which continuously monitors cloud environments to detect and secure sensitive information. It provides countless out-of-the-box policies as well as highly tunable custom policies. You can use Cloudlock’s DLP to prevent data breaches, comply with regulations, and enforce data governance across SaaS, PaaS, and IaaS platforms2. References: 1: Cisco Cloudlock - Cisco2: Cloudlock: Cloud User Security - Cisco Umbrella.

Cisco Firepower impact flags are indicators that help you evaluate the impact an intrusion has on your network by correlating intrusion data, network discovery data, and vulnerability information1. Impact flags are assigned to intrusion events based on the following criteria:

• The operating system and application protocol of the target host
• The exploitability of the target host by the attacker
• The relevance of the intrusion rule to the target host
• The severity of the intrusion rule Impact flags can have four values: unknown, neutral, affected, or vulnerable. Unknown means that the system does not have enough information to assess the impact. Neutral means that the system knows the target host is not affected by the intrusion. Affected means that the system knows the target host is affected by the intrusion, but not necessarily exploitable. Vulnerable means that the system knows the target host is exploitable by the intrusion1. Impact flags can help you prioritize your response to intrusion events, as well as generate reports and alerts based on the impact level. You can also use impact flags to filter and search for intrusion events in the Firepower Management Center1. References: 1: Firepower Management Center Configuration Guide, Version 6.1 - External Alerting with Alert Responses.