Cisco Updated 350-701 Exam Questions and Answers by peyton

 Cisco Stealthwatch is the only solution that detects threats across your private network, public clouds, and encrypted traffic. It uses network telemetry and advanced behavioral analytics to monitor network activity and identify anomalies that indicate potential threats. It also leverages Cisco Encrypted Traffic Analytics (ETA) to detect malware in encrypted traffic without decryption. Cisco Stealthwatch provides visibility, threat detection, and response across your entire network and cloud environment1234 References := 1: Cisco Stealthwatch detects threats across private networks, public clouds, and encrypted traffic - Cisco Blogs 2: The XDR Solution to the Ransomware Problem - Cisco Blogs 3: Network Threat Detection and Response with Cisco Stealthwatch - Locuz 4: Cisco Secure Network Analytics (Stealthwatch) - Cisco

Cisco Stealthwatch Cloud is a cloud-delivered and SaaS-based solution that provides visibility and threat detection across the AWS network. It does not require any software agents to be installed on the AWS instances, and it relies on AWS VPC flow logs to collect network traffic metadata. Cisco Stealthwatch Cloud analyzes the flow logs using machine learning and behavioral modeling to detect anomalies and threats, such as data exfiltration, lateral movement, reconnaissance, and compromised instances. Cisco Stealthwatch Cloud also provides contextual information and actionable alerts to help users respond to incidents and remediate issues.

Cisco Umbrella is a cloud-delivered and SaaS-based solution that provides DNS-layer security and web filtering for internet traffic. It does not provide visibility and threat detection for internal AWS network traffic, and it requires software agents to be installed on the endpoints or network devices to enforce policies and redirect DNS requests.

NetFlow collectors are devices or software applications that collect and analyze NetFlow records, which are generated by network devices to capture information about IP traffic flows. NetFlow collectors can provide visibility and threat detection for network traffic, but they are not cloud-delivered or SaaS-based solutions. They also require NetFlow exporters to be configured on the network devices, which may not be supported by AWS.

Cisco Cloudlock is a cloud-delivered and SaaS-based solution that provides cloud security posture management (CSPM) and cloud access security broker (CASB) capabilities for cloud applications and environments. It does not provide visibility and threat detection for AWS network traffic, and it does not rely on AWS VPC flow logs. It focuses on protecting cloud data, users, and configurations from misconfigurations, compliance violations, and malicious activities. References :=

Cisco Stealthwatch Cloud for AWS

Cisco Umbrella

NetFlow

[Cisco Cloudlock]

Explanation

SNMP polling can often be in the order of 5-10 minutes, CLIs are unstructured and prone to change which can often break scripts.

The traditional use of the pull model, where the client requests data from the network does not scale when what you want is near real-time data.

Moreover, in some use cases, there is the need to be notified only when some data changes, like interfaces status, protocol neighbors change etc.

Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Referfence: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide/streaming telemetry

 Transparent mode is a Cisco ASA deployment model that allows the ASA to act as a bump in the wire, or a stealth firewall. In this mode, the ASA does not have an IP address on the network, and it does not participate in routing. Instead, it filters traffic between hosts in the same IP subnet using higher-level protocols such as TCP, UDP, and ICMP. Transparent mode is useful when you want to apply security policies without readdressing the network or changing the default gateway of the hosts. Some of the benefits of transparent mode are:

It preserves the original source and destination IP addresses of the packets, which can be useful for logging and auditing purposes.

It simplifies the configuration of the ASA, as you do not need to configure routing protocols, NAT, or DHCP.

It allows the ASA to inspect non-IP traffic, such as ARP, STP, and CDP.

It supports multiple contexts, which can provide logical separation of traffic for different tenants or customers.

Some of the limitations of transparent mode are:

It does not support VPN, dynamic routing, multicast routing, or QoS.

It requires the use of EtherType ACLs to filter non-IP traffic, which can be complex and cumbersome.

It requires the use of bridge groups and bridge domains to define the interfaces and VLANs that belong to the same broadcast domain.

It requires the use of MAC address learning and aging to maintain a MAC address table for each bridge group.

References :=

Some possible references are:

Cisco ASA Series Firewall CLI Configuration Guide, 9.10 - Transparent Firewall Mode

Deploying ASA - Cisco

Cisco ASA 5500-X Series Firewalls - Configuration Guides - Cisco