Cisco Updated 350-201 Exam Questions and Answers by ella-mae

To mitigate attacks on a webserver from the Internet, it’s crucial to implement security measures that control the traffic reaching the server and provide an additional layer of abstraction.

A. Create an ACL on the firewall to allow only TLS 1.3: This step ensures that only secure, encrypted traffic using the latest version of the TLS protocol can reach the webserver. TLS 1.3 includes improvements over previous versions that enhance security and performance, making it a strong choice for protecting web traffic.

B. Implement a proxy server in the DMZ network: A proxy server acts as an intermediary between users on the Internet and the webserver. It can provide additional security features like content filtering and load balancing. By processing requests and responses through the proxy, direct access to the webserver is avoided, reducing the attack surface.

Options C and D are less effective in this context: C. Create an ACL on the firewall to allow only external connections: This would not be a mitigation step, as it does not restrict the type of traffic or provide additional security measures. D. Move the webserver to the internal network: This could potentially expose the internal network to more risks if the webserver is compromised. It’s generally safer to keep public-facing services in a DMZ.

One limitation of cyber security risk insurance is that it often does not cover the costs of damage done by third parties as a result of a cyber attack. This can include damages that result from the actions of partners, suppliers, or other external entities affected by the attack

The recommended action to mitigate an attack that is broadcasting a large number of ICMP packets using a spoofed source IP address is to use the subinterface command no ip directed-broadcast. This command prevents the Cisco IOS device from forwarding packets that are addressed to IP broadcast addresses. By disabling the directed broadcast feature, the network devices will not respond to broadcast messages sent to the network’s broadcast address, thus mitigating the attack and preventing the amplification of the ICMP packets back to the victim’s IP address.

 When an email attachment’s hash has no history in open source intelligence databases, the next step is to obtain a copy of the file for analysis in a controlled environment, known as a sandbox. This allows the analyst to observe the behavior of the file without risking the security of the network or systems