[Security Concepts]
What is an advantage of network telemetry over SNMP pulls?
Answer : D
Network telemetry is a technology that allows network devices to push data to a collector in real time, rather than waiting for the collector to pull data from them. This improves the efficiency and accuracy of data collection, and enables the monitoring of a large number of network devices. SNMP, on the other hand, is a protocol that uses a pull model, where the collector requests data from the devices periodically. This can cause delays, gaps, and overhead in data collection, and limit the scalability of network monitoring. Therefore, network telemetry has an advantage over SNMP pulls in terms of scalability.
Reference:
What Is Telemetry? Telemetry vs. SNMP - Huawei
Streaming telemetry challenges SNMP in large, complex networks
Network streaming telemetry: Monitoring in "real-time" - Paessler
An Overview of Network Telemetry - Geek Speak - Resources - THWACK
[Security Concepts]
On which part of the IT environment does DevSecOps focus?
Answer : A
DevSecOps is a development practice that integrates security into all phases of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery. DevSecOps focuses on application development, as it aims to deliver secure and robust applications that meet the customers' needs and expectations. DevSecOps also makes security a shared responsibility of development, security, and operations teams, rather than a separate silo. DevSecOps enables faster and safer software delivery by automating security processes and tools, and addressing security issues as they emerge, rather than at the end of the cycle.
Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 6: Securing the Data Center, Lesson 6.2: DevSecOps
What Is DevSecOps? Definition and Best Practices | Microsoft Security
What is DevSecOps? | IBM
What is DevSecOps? | DevSecOps vs. DevOps | VMware
[Security Concepts]
Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)
Answer : A, B
To configure a flow-export action on a Cisco ASA, you need to use the flow-export event-type command and the policy-map command. The flow-export event-type command specifies the type of events that trigger the export of NetFlow Security Event Logging (NSEL) records to a collector. The policy-map command creates or modifies a policy map that can be applied to one or more interfaces to specify a service policy. A service policy consists of a traffic class and one or more actions to be applied to the traffic class. One of the actions can be a flow-export action that matches the NSEL events and sends them to a collector. The other commands are not required for configuring a flow-export action. The access-list command creates or modifies an access list that can be used to filter traffic or match traffic classes, but it is not mandatory for a flow-export action. The flow-export template timeout-rate command specifies how often the ASA sends the template to the collector, but it is not part of the flow-export action configuration. The access-group command applies an access list to an interface, but it is not related to the flow-export action.
Reference:
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6 - Configuring Network Secure Event Logging (NSEL)
Solved: Flow-Export problem - Cisco Community
How to configure NetFlow on Cisco ASA firewalls - Auvik Support
Configuring Cisco's ASA for NSEL Export to the StealthWatch System
[Security Concepts]
Which SNMPv3 configuration must be used to support the strongest security possible?
Answer : D
The strongest security possible for SNMPv3 requires both authentication and encryption, which is achieved by using the priv security level. Authentication ensures that the message is from a valid source, and encryption scrambles the content of the packet to prevent it from being learned by an unauthorized source. The auth sha and priv aes 256 parameters specify the algorithms used for authentication and encryption, respectively. SHA is more secure than MD5, and AES 256 is more secure than DES or 3DES. Therefore, option D is the correct answer, as it uses the priv security level, the SHA algorithm for authentication, and the AES 256 algorithm for encryption. The other options either use a lower security level (noauth or authNoPriv), a weaker encryption algorithm (des or 3des), or no encryption at all.
Reference:
SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) - SNMP Version 3
Configuration Template for SNMPv3 - Cisco Community
SNMP Version 3 - Cisco
[Security Concepts]
What features does Cisco FTDv provide over ASAv?
Answer : D
Cisco FTDv is a virtual appliance that combines the features of Cisco ASA and Cisco Firepower NGIPS. It provides stateful firewall, IPS, URL filtering, malware protection, and other advanced security functions. Cisco ASAv is a virtual appliance that only provides stateful firewall and VPN features. It does not support URL filtering or other Firepower functions. Therefore, Cisco FTDv provides more features than ASAv, especially for next-generation firewall capabilities.
Reference:
Cisco Firewall in AWS - Should i use ASAv or FTDv/FMCv?
Difference between Cisco ASAv, NGIPSv and FTDv...?
Are there any differences in features between Cisco ASA hardware ...
[Security Concepts]
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
Answer : D
[Endpoint Protection and Detection]
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?
Answer : A
Posture is a feature within Cisco ISE that verifies the compliance of an endpoint before providing access to the network. Posture assessment checks the state of the endpoint, such as the operating system, antivirus, firewall, patches, and so on, against the predefined policies. If the endpoint does not meet the policy requirements, it can be remediated by installing or updating the necessary software or configuration. Posture assessment can be done for both wired and wireless endpoints, as well as VPN clients. Posture assessment requires the installation of a posture agent on the endpoint, which communicates with the posture service on the ISE server. The posture agent can be either a persistent agent, which runs in the background and provides continuous assessment, or a temporal agent, which runs on-demand and is removed after the assessment is complete. Posture assessment can be integrated with 802.1X or web authentication methods for network access control.
Some possible references are:
ISE Posture Prescriptive Deployment Guide
ISE Posture Deployment Best Practices and Considerations
Understanding ISE Posture Services