Cisco Updated 350-701 Exam Questions and Answers by kylo

ZBFW stands for Zone-Based Firewall, which is a feature that allows unidirectional application of IOS firewall policies between groups of interfaces known as zones. Interfaces are assigned to zones, and firewall rules are applied to specific types of traffic moving in one direction between the zones. ZBFW enforces a secure inter-zone policy by default, meaning traffic cannot pass between security zones until an explicit policy allowing that traffic is defined. The zone itself is an abstraction of multiple interfaces with the same or similar security requirements that can be logically grouped together. ZBFW is CBAC’s replacement and offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic. ZBFW is supported on IOS devices running 12.4(6)T or later, and ASR devices running 12.2(33) or later. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing the Cloud, Lesson 4.1: Introducing Cisco Cloud Services Router 1000V Series, Topic 4.1.2: Zone-Based Firewall

Understand the Zone-Based Policy Firewall Design

Managing Zone-based Firewall Rules

Zone Based Firewall Overview

CBAC vs. Zone-based firewall

A simple custom detection list is a feature of AMP for Endpoints that allows you to specify a list of file hashes (MD5, SHA-1, or SHA-256) that you want to detect, block, and quarantine on your endpoints. You can create a simple custom detection list from the Outbreak Control section of the AMP for Endpoints console, and apply it to a policy that is assigned to your endpoints. When the AMP connector on the endpoint encounters a file that matches the hash in the list, it will perform the action that you specified, such as blocking the file execution, sending an alert, or quarantining the file. A simple custom detection list is useful when you want to quickly and easily block specific files that are known to be malicious or unwanted, without having to create a complex signature or rule12 References := 1: Configure a Simple Custom Detection List on the AMP for Endpoints Portal 2: Create an Advanced Custom Detection List in Cisco Secure Endpoint

The switch port MAC address security setting that must be used is sticky. This option allows the switch to dynamically learn the MAC addresses of the devices connected to the port and add them to the running configuration. If the port is shut down or the switch is restarted, the MAC addresses remain associated with the port and are not aged out. This way, the engineer can limit the number of MAC addresses per port and prevent unauthorized devices from accessing the network. The sticky option also allows the engineer to manually configure some MAC addresses and let the switch learn the rest. References:

Configuring Port Security - Cisco (Section: Allowing Traffic Based on the Host MAC Address)

How to configure port-security on Cisco Switch - NetworkLessons.com (Section: Sticky MAC addresses)

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (Module 5.1.1)