Cisco Updated 350-701 Exam Questions and Answers by crystal

Transparently identify users with authentication realms – This option is available when one or more authentication realms are configured to support transparent identification using one of the following authentication servers:

Active Directory – Create an NTLM or Kerberos authentication realm and enable transparent user identification. In addition, you must deploy a separate Active Directory agent such as Cisco’s Context Directory Agent. For more information, see Transparent User Identification with Active Directory.

LDAP – Create an LDAP authentication realm configured as an eDirectory, and enable transparent user identification. For more information, see Transparent User Identification with LDAP.

Details:

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_01001.html#:~:text=Transparently%20identify%20users%20with%20authentication,User%20Identification%20with%20LDAP.

 The destination command is required to complete the flow record and specify the IP address of the Stealthwatch collector that will receive the NetFlow data. The transport udp 2055 command is also needed, but it is part of the flow exporter configuration, not the flow record. The match ipv4 ttl and cache timeout active 60 commands are optional and can be used to customize the flow record, but they are not mandatory. The flow record defines the fields that are collected and exported for each flow, such as source and destination IP addresses, ports, protocols, etc. The flow exporter defines the destination, source, transport protocol, and port for sending the NetFlow data. The flow monitor binds the flow record and the flow exporter together and applies them to an interface. The following is an example of a complete NetFlow configuration for sending data to Stealthwatch:

flow exporter EXPORTER description Export NetFlow to Stealthwatch destination 1.1.1.1 export-protocol netflow-v9 source Vlan100 transport udp 2055 ! flow record RECORD description NetFlow record match datalink mac source address input match datalink mac destination address input match datalink vlan input match ipv4 ttl match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input collect interface output collect counter bytes long collect counter packets long collect timestamp absolute first collect timestamp absolute last ! flow monitor IPv4_NETFLOW record RECORD exporter EXPORTER cache timeout active 60 ! interface <> ip flow monitor IPv4_NETFLOW input ! References : Configuring and Troubleshooting NetFlow for Stealthwatch, Cisco NetFlow Configuration, Building a Better Monitoring Solution with Flexible Netflow

 A private cloud is a cloud deployment model that is dedicated to a single organization and provides exclusive access to its resources and services. A private cloud can be hosted on-premises or off-premises by a third-party provider, but in either case, the organization has full control and visibility over the security, privacy, and compliance of its data and applications. A private cloud can also leverage the security features and best practices of the public cloud service provider, if applicable, while maintaining a higher degree of isolation and customization. A private cloud is the most secure deployment model when considering risks to cloud adoption, as it minimizes the exposure of sensitive data to external threats, reduces the dependency on the security posture of the cloud service provider, and enables the organization to meet its specific security and regulatory requirements123. References: 1: Best Practices to Manage Risks in the Cloud - ISACA 2: Security in the Microsoft Cloud Adoption Framework for Azure 3: Five challenges to cloud adoption and how to overcome them - PwC Middle East

Cisco AMP (Advanced Malware Protection) is a technology that provides a combination of endpoint protection, endpoint detection, and response. Cisco AMP protects endpoints from malware and other threats by using multiple prevention engines, including signatures, machine learning, and file reputation. Cisco AMP also continuously monitors and analyzes endpoint activity to detect malicious behavior and indicators of compromise. Cisco AMP can respond to threats by blocking, isolating, or removing malicious files, processes, or devices across the network. Cisco AMP leverages the cloud-based intelligence of Cisco Talos and Cisco Threat Grid to provide global threat visibility and analysis. Cisco AMP can also integrate with Cisco Umbrella and other security solutions to provide a comprehensive and unified approach to endpoint security. References:

Cisco Secure Endpoint (Formerly AMP for Endpoints)

Prevent, Detect and Respond with Cisco AMP for Endpoints

Provide State-of-the-Art Endpoint Protection as a Managed Service