Explanation

Explanation

You can also bring up the port by using these commands:

+ The “shutdown” interface configuration command followed by the “no shutdown” interface configuration

command restarts the disabled port.

+ The “errdisable recovery cause …” global configuration command enables the timer to automatically recover error-disabled state, and the “errdisable recovery interval interval” global configuration command specifies the time to recover error-disabled state.

Explanation

Explanation

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more

verification factors to gain access to a resource. MFA requires means of verification that unauthorized users

won’t have.

Proper multi-factor authentication uses factors from at least two different categories.

MFA methods:

+ Knowledge – usually a password – is the most commonly used tool in MFA solutions. However, despite their

simplicity, passwords have become a security problem and slow down productivity.

+ Physical factors – also called possession factors–use tokens, such as a USB dongle or a portable device,

that generate a temporary QR (quick response) code. Mobile phones are commonly used, as they have the

advantage of being readily available in most situations.

+ Inherent – This category includes biometrics like fingerprint, face, and retina scans. As technology advances,

it may also include voice ID or other behavioral inputs like keystroke metrics. Because inherent factors are

reliably unique, always present, and secure, this category shows promise.

+ Location-based and time-based – Authentication systems can use GPS coordinates, network parameters,

and metadata for the network in use, and device recognition for MFA. Adaptive authentication combines these

data points with historical or contextual user data.

A time factor in conjunction with a location factor could detect an attacker attempting to authenticate in Europe

when the user was last authenticated in California an hour prior, for example.

+ Time-based one-time password (TOTP) – This is generally used in 2FA but could apply to any MFA

method where a second step is introduced dynamically at login upon completing a first step. The wait for a

second step–in which temporary passcodes are sent by SMS or email–is usually brief, and the process is easy

to use for a wide range of users and devices. This method is currently widely used.

+ Social media – In this case a user grants permission for a website to use their social media username and

password for login. This provide an easy login process, and one generally available to all users.

+ Risk-based authentication – Sometimes called adaptive multi-factor authentication, this method combines

adaptive authentication and algorithms that calculate risk and observe the context of specific login requests.

The goal of this method is to reduce redundant logins and provide a more user-friendly workflow.

+ Push-based 2FA – Push-based 2FA improves on SMS and TOTP 2FA by adding additional layers of security

while improving ease of use. It confirms a user’s identity with multiple factors of authentication that other

methods cannot. Because push-based 2FA sends notifications through data networks like cellular or Wi-Fi,

users must have data access on their mobile devices to use the 2FA functionality.

Explanation

SNMP polling can often be in the order of 5-10 minutes, CLIs are unstructured and prone to change which can often break scripts.

The traditional use of the pull model, where the client requests data from the network does not scale when what you want is near real-time data.

Moreover, in some use cases, there is the need to be notified only when some data changes, like interfaces status, protocol neighbors change etc.

Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Referfence: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide/streaming telemetry

Explanation

Unlike the traditional software life cycle, the CI/CD implementation process gives a weekly or daily update

instead of monthly or quarterly. The fun part is customers won’t even realize the update is in their applications,

as they happen on the fly.

In order to send web traffic transparently to the Web Security Appliance (WSA), the system administrator can use one of these two methods:

Policy-based routing (PBR) on the network infrastructure: This method allows the administrator to define routing policies based on the source or destination IP address, port number, protocol, or other criteria of the web traffic. The administrator can then apply these policies to the network interfaces or subinterfaces and redirect the matching traffic to the WSA. This method does not require any configuration on the client side and can be applied to any type of web traffic, including HTTPS and FTP. However, this method may require additional network resources and maintenance, as well as coordination with other network administrators.

Web Cache Communication Protocol (WCCP) on the WSA and the network device: This method allows the administrator to configure the WSA and the network device (such as a router, switch, or firewall) to communicate with each other using WCCP, a Cisco proprietary protocol. The network device acts as a WCCP router and redirects the web traffic to the WSA, which acts as a WCCP client. The WSA then processes the traffic and returns it to the network device, which forwards it to the original destination. This method does not require any configuration on the client side and can be applied to HTTP, HTTPS, and native FTP traffic. However, this method requires that the network device supports WCCP and that the WSA and the network device are in the same Layer 2 domain.

A basic SYN flood attack is a type of denial-of-service (DoS) attack that aims to exhaust the resources of a server by sending a large number of SYN packets and not completing the TCP three-way handshake. The intent of this attack is to exceed the threshold limit of the connection queue, which is the data structure that stores the information about the pending connections. By doing so, the attacker prevents legitimate clients from establishing connections with the server, as the server cannot accept any more SYN requests. A SYN flood attack can be performed with spoofed IP addresses or without IP spoofing, depending on the attacker’s strategy and the server’s configuration. References: [Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 3: Securing Networks with Firewalls, Lesson 3.2: Firewall Technologies, Topic 3.2.1: Firewall Technologies Overview, Page 8. SYN flood DDoS attack | Cloudflare. How to Perform TCP SYN Flood DoS Attack & Detect it with Wireshark - Kali Linux hping3. SYN flood - Wikipedia. SYN Flood Attack | SpringerLink. What Is a SYN Flood Attack? | F5.

Cisco Umbrella Investigate provides a comprehensive view of Internet domains, IP addresses, and autonomous systems, offering a wealth of information about the infrastructure of the internet. It helps security analysts and threat investigators to pinpoint current and emerging threats by providing access to data from Cisco ' s global network, thereby enabling the identification of attackers and malicious infrastructures.

Explanation

Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.

Answer C is not correct because the statement “Cross-site Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side vulnerability that targets other application users.

Answer D is not correct because the statement “Cross-site Scripting is an attack where code is executed from the server side”. In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client’s side.

Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where

attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST

parameters.

Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

URL conditions in access control rules allow you to limit the websites that users on your network can access. This feature is called URL filtering. There are two ways you can use access control to specify URLs you want to block (or, conversely, allow):

– With any license, you can manually specify individual URLs, groups of URLs, and URL lists and feeds to achieve granular, custom control over web traffic.

– With a URL Filtering license, you can also control access to websites based on the URL’s general

classification, or category, and risk level, or reputation. The system displays this category and reputation data in connection logs, intrusion events, and application details.

Using category and reputation data also simplifies policy creation and administration. It grants you assurance that the system will control web traffic as expected. Finally, because Cisco’s threat intelligence is continually updated with new URLs, as well as new categories and risks for existing URLs, you can ensure that the system uses up-to-date information to filter requested URLs. Malicious sites that represent security threats such as malware, spam, botnets, and phishing may appear and disappear faster than you can update and deploy new policies.

 Cisco AMP for Endpoints and Cisco Umbrella Roaming Client are both security solutions that protect mobile users from threats, but they have different functions and features. Cisco AMP for Endpoints is a cloud-managed endpoint security solution that stops and tracks malicious activity on hosts, such as malware execution, file behavior, and command-and-control callbacks. It also provides threat intelligence, sandboxing, and retrospective analysis to detect and respond to advanced threats. Cisco Umbrella Roaming Client is a lightweight DNS client that tracks only URL-based threats, such as phishing, ransomware, and botnets. It prevents connections to malicious domains and IP addresses, and provides visibility and enforcement for off-network devices. It also integrates with Cisco AnyConnect VPN client to provide seamless protection for VPN and non-VPN traffic. Therefore, the functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client is that AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats. References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.1: Cisco AMP for Endpoints Overview

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.2: Cisco AMP for Endpoints Architecture and Components

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.3: Cisco AMP for Endpoints Installation and Configuration

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.4: Cisco AMP for Endpoints Analysis and Response

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.5: Cisco Umbrella Overview

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.6: Cisco Umbrella Architecture and Components

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.7: Cisco Umbrella Roaming Client

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Endpoint Protection and Detection, Lesson 3.8: Cisco Umbrella Policies and Reporting

Best Mobile Cybersecurity Solution - Cisco Umbrella

Explanation

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.

Explanation

Explanation

A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target

machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP

fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

Explanation

" configure INTRUSION RULES for DNP3 " - > Documentation states, that enabling INTRUSION RULES is mandatory for CIP to work + required preprocessors (in Network Access Policy - NAP) will be enabled automatically:

" If you want the CIP preprocessor rules listed in the following table to generate events, you MUST enable them. See Setting Intrusion Rule States for information on enabling rules. "

" If the Modbus, DNP3, or CIP preprocessor is disabled, and you enable and deploy an intrusion rule that requires one of these preprocessors, the system automatically uses the required preprocessor, with its current settings, although the preprocessor remains disabled in the web interface for the corresponding network analysis policy. "

[1] https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/scada_preprocessors.html