Cisco Updated 350-701 Exam Questions and Answers by pixie

ExplanationExplanationStorm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.By using the “storm-control broadcast level [falling-threshold]” we can limit the broadcast traffic on the switch.

 A security application that notifies a controller within a software-defined network architecture about a specific security threat is using a northbound API. A northbound API is an interface that enables communication between the SDN controller and the applications or management systems that use the network services1. A security application can use a northbound API to send alerts, requests, or commands to the SDN controller, which can then take appropriate actions on the network devices or policies2. For example, a security application can use a northbound API to inform the SDN controller about a malicious traffic pattern, and the SDN controller can then block or redirect the traffic using a southbound API3.

References: 1: What is Software-Defined Networking (SDN)? | VMware Glossary 2: Intent-Based Networking’s Next Evolution: The DNA Center Platform - Cisco Blogs 3: Cisco SDN Security: Securing the Software Defined Network - Cisco

 The product that allows Cisco FMC to push security intelligence observable to its sensors from other products is Threat Intelligence Director (TID). TID is a feature of Cisco FMC that enables you to integrate third-party threat intelligence feeds into your security policies. TID collects, aggregates, and correlates observables from multiple sources, such as Cisco Talos Intelligence, Cisco Umbrella, and other external providers. TID then pushes the observables to the sensors that are managed by FMC, such as Firepower Threat Defense (FTD) devices, Firepower appliances, and Cisco Secure Firewall Cloud Native. The sensors can then use the observables to block or monitor traffic based on the reputation and threat level of the IP addresses, URLs, and domains12.

References: 1: Firepower Management Center Configuration Guide, Version 6.6 - Threat Intelligence Director [Cisco Secure Firewall Management Center] - Cisco 2: Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.6 - Threat Intelligence Director [Cisco Firepower NGFW] - Cisco