Chapter 5 Network Visibility & Segmentation

¡Supera tus tareas y exámenes ahora con Quizwiz!

personas

Cisco ISE scales by deploying service instances called "______" in a distributed architecture. personas SGTs uSeg EPGs pxGrid

SMC and FlowCollector

Cisco Stealthwatch components can be deployed as physical or virtual appliances. The two minimum required components are ___________. SMC and FlowSensor SMC and FlowCollector FlowSensor and FlowCollector None of these options is correct.

five-tuple

A flow is a unidirectional series of packets between a given source and destination. In a flow, the same source and destination IP addresses, source and destination ports, and IP protocol are shared. This is often referred to as the ________. five-tuple five elements NetFlow intelligence IPFIX

uSeg EPGs

A micro-segment in ACI is also often referred to as ____________. uSeg SGT uSeg EPGs SCVMM None of these answers is correct.

All of the options are correct.

Depending on the version of NetFlow, the router can also gather additional information, such as which of the following? Type of service (ToS) byte Differentiated services code point (DSCP) The device's input interface TCP flags All of the options are correct.

IPFIX is considered to be a push protocol.

IPFIX is considered what type of protocol? IPFIX is considered to be an active protocol. IPFIX is considered to be a pull protocol. IPFIX is considered to be a passive protocol. IPFIX is considered to be a push protocol.

SCTP

IPFIX uses which of the following protocols to provide a packet transport service designed to support several features beyond TCP or UDP capabilities? SCP SCTP pxGrid EPG

SCTP

IPFIX uses_____, which provides a packet transport service designed to support several features beyond TCP or UDP capabilities. SCTP SFTP FTPS HTTP

NetFlow v9

IPFIX was originally created based on which of the following? NetFlow v5 NetFlow v9 Flexible NetFlow None of the above

feature netflow

In NX-OS, NetFlow CLI commands are not available until you enable which of the following commands? netflow collection enable feature netflow ip netflow enable ip netflow run

monitor

Many organizations initially deploy 802.1X in ________ mode to scope the deployment and prevent user productivity from being impacted while changes are being implemented. monitor active standby high-availability

Define a flow record.

What is the first step of NetFlow configuration in the Cisco NX-OS Software? Define a flow record. Define a flow exporter. Define a flow monitor. Apply the flow monitor to an interface

Define a flow exporter.

What is the second step of NetFlow configuration in the Cisco NX-OS Software? Define a flow record. Define a flow exporter. Define a flow monitor. Apply the flow monitor to an interface

Cisco ACI

You have been asked to provide a segmentation strategy for applications residing in Docker containers and in virtual machines in a large data center. Which of the following technologies will you choose for such deployment? Cisco ETA Cisco ACI VLANs and firewalls None of these answers is correct.

All of the options are correct.

When SGTs are provisioned by Cisco ISE, they are downloaded to network devices within the environment data. Which of the following are things to take into consideration about classification and SGT provisioning? Typically, servers are classified into groups using static classification. IP and Subnet-to-SGT mappings can be centrally managed from Cisco ISE and deployed to networking devices using SSH or SXP. Dynamic classification is typically used for user, endpoint, or guest authentications by using 802.1X, MAB, WebAuth, or PassiveID, or they can also be learned from a Cisco ACI APIC (in the case of a Cisco ACI deployment). All of the options are correct.

time-stamped

When using network telemetry sources that are correlated with NetFlow, it is extremely important that your syslog and other messages are _____ correctly. configured time-stamped applied saved

You must first configure the secondary ISE node and then the primary ISE node to avoid network disruption.

When you first deploy a Cisco ISE node, all the default services provided by the Administration, Policy Service, and Monitoring personas will be enabled. Which of the following statements is not true? The Cisco ISE node will be in a standalone mode. You must first configure a primary ISE node and then register secondary ISE nodes to the primary ISE node. You must first configure the secondary ISE node and then the primary ISE node to avoid network disruption. You cannot edit the personas or services of a standalone Cisco ISE node.

FlowReplicator

Which Cisco Stealthwatch component is a physical appliance used to forward NetFlow data as a single data stream to other devices?

FlowCollector

Which Cisco Stealthwatch component is a physical or virtual appliance that collects NetFlow data from infrastructure devices?

Preparation

Which is the first step of The National Institute of Standards and Technology's methodology on security incident handling? Preparation Detection and analysis Containment, eradication, and recovery Post-incident activity (postmortem and lessons learned)

Post-Incident Activity

Which is the fourth step of The National Institute of Standards and Technology's methodology on security incident handling? Preparation Detection and analysis Containment, eradication, and recovery Post-incident activity (postmortem and lessons learned)

Flexible NetFlow NetFlow v9

Which of the following NetFlow versions support templates? (Select all that apply.) Flexible NetFlow NetFlow v2 NetFlow v9 NetFlow v5 NetFlow v8

VLANs VRFs

Which of the following are Layer 2 technologies that security professionals have used for policy enforcement and segmentation? (Select two.) VLANs Routing protocols VRFs Route reflectors

All of these answers are correct.

Which of the following are components of the Cisco ETA solution to identify malicious (malware) communications in encrypted traffic through passive monitoring, the extraction of relevant data elements, and a combination of behavioral modeling and machine learning? NetFlow Cisco Stealthwatch Cisco Cognitive Threat Analytics All of these answers are correct.

All of the options are correct.

Which of the following are the main Flexible NetFlow components? Records Flow monitors Flow exporters Flow samplers All of the options are correct.

All of these answers are correct.

Which of the following is a NetFlow deployment best practice? NetFlow should be enabled as close to the access layer as possible (user access layer, data center access layer, in VPN termination points, and so on). All NetFlow records belonging to a flow should be sent to the same collector. To gain network visibility, Test Access Ports (TAPs) or Switched Port Analyzer (SPAN) ports must be configured when the Cisco Stealthwatch FlowSensors are deployed. All of these answers are correct.

Stealthwatch FlowSensor

Which of the following is a physical or virtual appliance that can generate NetFlow data when legacy Cisco network infrastructure components are not capable of producing line-rate, unsampled NetFlow data? Stealthwatch FlowSensor Stealthwatch FlowCollector Stealthwatch FlowReplicator Stealthwatch FlowGenerator

FlowReplicator

Which of the following is not a Cisco ETA component? NetFlow Cisco Stealthwatch FlowReplicator Cisco Cognitive Threat Analytics

Distributed cache

Which of the following is not a NetFlow cache type?

All of these options are correct.

Which of the following network telemetry sources can also be correlated with NetFlow while responding to security incidents and performing network forensics? Syslog 802.1X authentication logs VPN logs All of these options are correct.

In Microsoft's Azure, the equivalent of NetFlow is called VPC Flow Logs.

Which of the following statements is not true? In Amazon AWS, the equivalent of NetFlow is called VPC Flow Logs. Google Cloud Platform supports VPC Flow Logs (or Google-branded GPC Flow Logs). In Microsoft's Azure, traffic flows are collected in network security group (NSG) flow logs. In Microsoft's Azure, the equivalent of NetFlow is called VPC Flow Logs.

A Cisco Stealthwatch FlowSensor replaces a Cisco Stealthwatch FlowCollector in several deployment models.

Which of the following statements is not true? The Cisco Stealthwatch FlowSensor is a network appliance that functions similarly to a traditional packet capture appliance or IDS in that it connects into a Switch Port Analyzer (SPAN), mirror port, or a Test Access Port (TAP). The Cisco Stealthwatch FlowSensor augments visibility where NetFlow is not available in the infrastructure device (router, switch, and so on) or where NetFlow is available but you want deeper visibility into performance metrics and packet data. You typically configure the Cisco Stealthwatch FlowSensor in combination with a Cisco Stealthwatch FlowCollector. A Cisco Stealthwatch FlowSensor replaces a Cisco Stealthwatch FlowCollector in several deployment models.

All of these answers are correct

Which of the following technologies can be deployed to gain network visibility and awareness of security threats? NetFlow IPFIX Cisco Stealthwatch All of these answers are correct.

NetFlow supports IPv4 and IPv6.

Which of the statements is true about NetFlow? NetFlow supports IPv4 and IPv6. NetFlow supports IPv4 and IPv6 was introduced with IPFIX. IPFIX supports only IPv4. None of these answers is correct.

FlowCollectors deployed at multiple sites and placed close to the source producing the highest number of NetFlow records.

Which type of the following deployment models has the advantage of limiting the overhead introduced by NetFlow? FlowCollectors deployed at multiple sites and placed close to the source producing the highest number of NetFlow records. FlowCollectors deployed in a centralized area and placed to handle the highest number of NetFlow records. Using asymmetric routing to send NetFlow records to the same SMC, not to different collectors. None of the above


Conjuntos de estudio relacionados

Chapter 40: Management of Patients with Gastric and Duodenal Disorders

View Set

Life & Accident & Sickness License

View Set

Spanish 2 Identificar Listen to each question and select the appropriate category.

View Set

Prep U, PN 125: Chapter 3:Toxic Effects of Drugs

View Set

日本語総まとめN2漢字第2週

View Set