Cisco Updated 350-701 Exam Questions and Answers by alaina

Cisco Umbrella is a cloud-delivered and SaaS-based solution that provides DNS-layer security and web filtering for internet traffic. It blocks requests to malicious domains or IPs before a connection is even established, and logs and inspects all web traffic for greater transparency, control, and protection1.

However, not all domains or IPs are clearly malicious or benign. Some of them may be risky, meaning that they host both legitimate and malicious content, or that they have a low reputation score based on various factors. For these domains or IPs, Cisco Umbrella offers the option to proxy the traffic through the intelligent proxy, which is a selective web proxy that performs deeper inspection and analysis of the web content2.

The intelligent proxy can apply URL filtering, file inspection, and file type control to the proxied traffic, and block or allow it based on the policy settings. The intelligent proxy can also leverage Cisco Advanced Malware Protection (AMP) and antivirus engines to scan files for malware and threats3.

Therefore, by using the intelligent proxy, Cisco Umbrella can manage traffic that is directed toward risky domains more effectively, and provide an additional layer of security and visibility for the organization.

References :=

• Manage the Intelligent Proxy
• Manage File Inspection
• Cisco Umbrella At a Glance

SHA-2 is a family of hash functions that includes SHA-256, SHA-384, and SHA-512. SHA-2 is part of the Next Generation Encryption (NGE) suite of cryptographic algorithms that Cisco recommends for strong security and good performance. SHA-2 is believed to be quantum-computer resistant, meaning that it would not be easily broken by a hypothetical quantum-computer. SHA-2 is also more secure than older hash functions such as MD5 and SHA-1, which have been shown to have weaknesses and collisions. SHA-2 is widely used in various protocols and functions, such as digital signatures, integrity verification, and key derivation. References: 1

https://sec.cloudapps.cisco.com/security/center/resources/next_generation_cryptography

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html

 Cisco AMP for Endpoints provides next-generation protection by leveraging an endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities. EPP is a set of multifaceted prevention techniques that stop threats from compromising endpoints, such as behavioral analytics, machine learning, and signature-based methods. EDR is a set of powerful features that reduce the attack surface and remediate faster, such as advanced threat hunting, endpoint isolation, and dynamic malware analysis. Cisco AMP for Endpoints also integrates with SecureX, a built-in platform that offers extended detection and response (XDR) capabilities across multiple control points, such as network, cloud, email, and web. By combining EPP, EDR, and XDR, Cisco AMP for Endpoints delivers a comprehensive and resilient endpoint security solution that can detect, respond, and recover from sophisticated attacks. References:

• Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco
• Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco
• Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco

 The process that uses STIX and allows uploads and downloads of block lists is sharing. STIX (Structured Threat Information Expression) is a standard language and format for exchanging cyber threat intelligence data. Block lists are collections of observables, such as IP addresses, URLs, or domains, that are associated with malicious activity and can be used to block or monitor network traffic. Cisco Threat Intelligence Director (TID) is a feature that operationalizes threat intelligence data by consuming, normalizing, publishing, and correlating data from various sources, including third-party STIX feeds. TID enables the administrator to upload STIX files from local or remote sources, or download STIX files from the Firepower Management Center (FMC) to share with other systems. TID also allows the administrator to configure actions (such as block or monitor) based on the indicators and observables in the STIX files, and generate incidents and observations when the system detects traffic that matches the threat intelligence data123

References := 1: Firepower Management Center Configuration Guide, Version 6.2.3 - Threat Intelligence Director 2 2: Introduction to STIX - GitHub Pages 4 3: Third-Party Integration of Security Feeds with FMC (Cisco Threat Intelligence Director) - Cisco Community 3