Secure Network Access Control - Next-Generation Endpoint Security

19 important questions on Secure Network Access Control - Next-Generation Endpoint Security

What is Cisco Talos?

Cisco Talos is the Cisco threat intelligence organization: an elite team of security experts who are supported by sophisticated security systems.
It was created from three security research teams:
1. IronPort Security Applications (SecApps)
2. The Sourcefire Vulnerability Research Team (VRT)
3. The Cisco Threat Research, Analysis, and Communications (TRAC) team

What are 7 intelligence feeds that the Cisco Talos team receives information from?

1. Advanced Microsoft and Industry disclosures
2. The Advanced Malware Protection (AMP) community
3. ClamAV, Snort, Immunet, SpamCop, SenderBase, Threat Grid and Talos User communities
4. Honeypots
5. The Sourcefire Awareness, Education, Guidance, and Intelligence Sharing (AEGIS)
6. Private and public threat feeds
7. Dynamic Analysis

What is Cisco Threat Grid?

It is a controlled and monitored sandbox environment where static file analysis (scanning files) can be performed as well as dynamic file analysis (running files).

What is the Glovebox used for in Cisco Threat Grid?

To manually upload suspicious files into a sandbox environment and interact with them and observe their behaviour.

What is Cisco Advanced Malware Protection?

It is a malware analysis and protection solution that goes beyond point-in-time detection.

- Before: Global threat intelligence from Cisco Talos and Cisco Threat Grid feeds into AMP to protect against known and new emerging threats.

- During: File reputation, to determine whether a file is clean or malicious, and sandboxing are used to identify threats during an attack.

- After: Cisco AMP provides retrospection, indicators of compromise, tracking, analysis and surgical remediation.

What are the 3 main components of Cisco AMP?

1. AMP Cloud (Private or Public)
2. AMP Connectors
3. Threat Intelligence from Cisco Talos and Cisco Threat Grid

What are 5 Cisco AMP Connectors?

1. AMP for Endpoints (Windows, Mac, Android, iOS, Linux)
2. AMP for Networks (NGFW, NGIPS, ISRs)
3. AMP for Email (ESA)
4. AMP for Web (WSA)
5. AMP for Meraki MX

What is Cisco Umbrella?

Formerly known as OpenDNS, it is a secure cloud DNS service that uses DNS to block requests to malicious internet destinations.

What is the Cisco Web Security Appliance (WSA)?

It is an all-in-one web gateway that includes a variety of protections, including malware defence and data loss prevention.

How can Cisco WSA be deployed?

In the cloud, as a virtual appliance, on premises or in a hybrid arrangement.

What is Cisco Email Security Appliance (ESA)?

It is an email security appliance that uses a multilayered approach. It uses a wide variety of advanced threat protection capabilities.

What are the 5 capabilities that an IPS system needs to be a Next-Generation IPS (NGIPS)?

1. Real-time contextual awareness
2. Advanced threat protection
3. Intelligent Security Automation
4. Unparalleled performance and scalability
5. Application visibility and control (AVC) and URL Filtering

What Cisco device is capable of NGIPS?

The Cisco Firepower NGIPS, added to the Cisco portfolio with the acquisition of Sourcefire in 2013.

What is Cisco Stealthwatch?

A collector and aggregator of network telemetry data that performs network security analysis and monitoring to automatically detect threats.

What are the 2 available Stealthwatch offerings?

1. Stealthwatch Enterprise
2. Stealthwatch Cloud

What 3 components are required for Cisco Stealthwatch Enterprise?

1. Flow Rate License
2. Flow Collector
3. Stealthwatch Management Console (SMC)

What are the 2 options for Cisco Stealthwatch Cloud?

1. Public Cloud Monitoring
2. Private Network Monitoring

What is the Public Cloud Monitoring offering of Cisco Stealthwatch Cloud used for?

For monitoring and threat detection in AWS, GCP and Microsoft Azure.

What is the Private Network Monitoring offering of Cisco Stealthwatch Cloud used for?

It is a cloud-based service for additional visibility and threat detection for the on-premises network.
