Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Identify the statements that describe components of the of the SecureX architecture. (Choose two)
Correct. At the core of the Cisco SecureX Architecture is context awareness, which allows enforcement elements to use information such as the identity of the user, the security posture of the connecting device, the point of access to the network, and many other components, in order to define the access policy.
Correct. The Cisco AnyConnect client is an essential component, providing a consistent user interface and consolidating traditional function-specific client software products into one product.
Incorrect. An important element of Cisco SecureX is Cisco Security Intelligence Operations (SIO), a cloud-based security service that consists of a web-based global network of shared resources, software, and information that is provided to Cisco customers and devices on demand.
Incorrect. The Cisco TrustSec function extends the access control functionality end-to-end, using security group tags to mark traffic and allow other network elements throughout the network to enforce policy.
You plan on implementing TrustSec in the network infrastructure. What statement best describes its use?
Correct. Cisco TrustSec provides a policy-based platform, the Cisco Identity Services Engine, that offers integrated posture, profiling and guest services to make context-aware access control decisions.
Incorrect. Network Security Zoning intends to assist network architects and security practitioners with the appropriate placement of services.
Incorrect. The Cisco modular network architecture describes best practices, designs and configurations, and provides network and security engineers with the necessary information to help them succeed in designing, implementing, and operating secure network infrastructures based on Cisco products and technologies.
Incorrect. It is the Cisco SecureX Architecture, supported by Cisco Security Intelligence Operations (SIO) that helps organizations accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving, constantly changing threatscape.
What statements describe Cisco SecureX security architecture solutions that you can use to enforce security? (Choose three)
Correct. The security infrastructure helps to prevent intruder access by detecting and blocking attacks and exploits. Using firewall and intrusion prevention in standalone and integrated deployment options customers can prevents attacks and meet compliance requirements.
Incorrect. Security management does not provide secure access to networks and resources using Cisco TrustSec.
Correct. Cisco provides VPN, wireless security, and remote workforce security solutions that extend network access safely and easily to a wide range of users and devices. It offers comprehensive and versatile connectivity options, endpoints, and platforms.
Incorrect. Used in conjunction with Cisco TrustSec, secure access control to networks and network resources is provided via policy-based access control, identity aware networking, and data integrity and confidentiality services.
Correct. Cisco email and web security solutions reduce the costly downtime that is associated with email based spam, viruses, and web threats.
In what ways can ACLs protect the data plane? (Choose five)
Correct. You can use ACLs to filter incoming or outgoing packets on an interface, and control access using source addresses, destination addresses, or user authentication. You can also use access lists to determine which types of traffic are forwarded or blocked at the router interfaces. For example, you can permit email traffic to be routed, but at the same time block all Telnet traffic.
Correct. ACLs allow security practitioners to implement recommended practices to mitigate spoofing attacks. The guidelines that are found in several RFCs provide basic filtering, and can be easily deployed using ACLs.
Correct. There are a number of ways to use ACLs to reduce the chance of DoS attacks. For example, by specifying IP source addresses, you can control whether traffic from hosts, networks, or users access your network. You can filter on specific TTL values in packets to control how many hops a packet can take before reaching a router in your network. You can also use the TCP Intercept feature to prevent servers from being flooded with requests.
Correct. An access list on a slow link can prevent excess traffic. For example, if windows SMS traffic is overtaking a link, you can configure an access list to only allow this traffic between certain hours of the day, or deny it altogether to free up bandwidth.
Correct. You can place an access list on inbound vty â€“ Telnet â€“ line access from certain nodes or networks. For the control plane, access lists can control routing updates being sent, received, or redistributed.
Incorrect. ACLs cannot be used to provide port security. Port security itself is a feature found on Cisco Catalyst Switches used to provide Layer 2 data plane protection. It works to prevent MAC flooding attacks, and does not need ACLs to perform this feature.
Incorrect. RBAC is an access control approach that restricts user access based on the role of the user, along with the user's individual identity. Roles are created for job or task functions, and are assigned access permissions to specific assets. RBAC is a tool used to provide management plane security, not data plane security.