Cisco Updated 350-701 Exam Questions and Answers by tamara

 The Cisco WSA supports mainly two authentication protocols: LDAP and NTLM. LDAP is a standard protocol for accessing directory services, such as Active Directory or OpenLDAP. NTLM is a proprietary protocol for authenticating Windows clients to Windows servers. NTLM has two versions: NTLMv1 and NTLMv2. NTLMSSP (NT LAN Manager Security Support Provider) is a variant of NTLMv2 that provides additional security features, such as message integrity and confidentiality. The Cisco WSA supports both LDAP and NTLMSSP using basic authentication, which requires the user to enter a username and password. The Cisco WSA also supports Kerberos, which is a network authentication protocol that uses tickets to authenticate users and services. Kerberos is based on symmetric-key cryptography and requires a trusted third party, called the Key Distribution Center (KDC), to issue and validate tickets. Kerberos is more secure and efficient than NTLM, as it does not require the user to enter credentials repeatedly and does not send passwords over the network. The Cisco WSA supports Kerberos only in standard mode, not in cloud connector mode. The Cisco WSA does not support TACACS+ or CHAP as authentication protocols. TACACS+ is a Cisco proprietary protocol for authenticating network devices and users to a central server. CHAP is a challenge-response protocol for authenticating PPP connections. These protocols are not designed for web security appliances and are not compatible with the Cisco WSA. References:

User Guide for AsyncOS 11.0 for Cisco Web Security Appliances (Section: Acquire End-User Credentials)

Cisco WSA Authentication

WSA Authentication

Cisco SensorBase gathers threat information from a variety of Cisco products and services, such as Cisco IPS, Cisco ASA, Cisco IronPort, Cisco Umbrella, and Cisco Talos, and performs analytics to find patterns on threats. This process is called consumption, which is one of the four phases of the Cisco Security Intelligence Operations (SIO) framework. The consumption phase involves collecting, aggregating, and analyzing threat data from multiple sources and providing actionable intelligence and tools to customers and partners. The consumption phase also leverages the Cisco SensorBase Network, which is the world’s largest threat monitoring network that tracks millions of domains and IP addresses around the world and maintains a global watch list for Internet traffic. SensorBase provides Cisco with an assessment of reliability for known Internet domains and IP addresses, based on their reputation score, category, volume, and threat level. SensorBase also provides threat data overviews, such as the top email and spam senders by country, and the standard categories used to classify website content and attack types1234. References := 1: How Cisco’s SensorBase works | Network World 2: What is Cisco SensorBase? - networklore.com 3: User Guide for AsyncOS 15.0 for Cisco Secure Web Appliance - GD … 4: Cisco Security Intelligence Operations At-A-Glance

Anycast IP is a component of Cisco umbrella architecture that increases reliability of the service by allowing the same IP address to exist on multiple servers around the world. This way, the user’s request is automatically routed to the nearest and fastest data center, and failover is seamless in case of an outage. Anycast IP also reduces latency and improves performance by using BGP to select the shortest path to the destination12. References := 1: Why Cisco Umbrella uses anycast routing - Cisco Umbrella 2: Cisco Umbrella At a Glance

Explanation

Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also

known as posture, of all the endpoints that are connecting to a network for compliance with corporate security

policies.

A posture policy is a collection of posture requirements that are associated with one or more identity groups and

operating systems.

Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies.

+ If a mandatory requirement fails, the user will be moved to Non-Compliant state

+ If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user

is moved to Compliant state

This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the

user can be in Non-compliant or compliant state. But “noncompliant” is the best answer here.