Chapter 5 Network Visibility and Segmentation Flashcards

1
Q

Which of the following technologies can be deployed to gain network visibility and awareness of security threats?

A. NetFlow

B. IPFIX

C. Cisco Stealthwatch

D. All of these answers are correct.

A

D

2
Q

Which of the statements is true about NetFlow?

A. NetFlow supports IPv4 and IPv6.

B. NetFlow supports IPv4, and IPv6 was introduced with IPFIX.

C. IPFIX supports only IPv4.

D. None of these answers is correct.

A

A

3
Q

A flow is a unidirectional series of packets between a given source and destination. In a flow, the same source and destination IP addresses, source and destination ports, and IP protocol are shared. This is often referred to as the ________.

A. five-tuple

B. five elements

C. NetFlow intelligence

D. IPFIX

A

A

4
Q

IPFIX was originally created based on which of the following?

A. NetFlow v5

B. NetFlow v9

C. Flexible NetFlow

D. None of the above

A

B

5
Q

IPFIX is considered what type of protocol?

A. IPFIX is considered to be an active protocol.

B. IPFIX is considered to be a pull protocol.

C. IPFIX is considered to be a passive protocol.

D. IPFIX is considered to be a push protocol.

A

D

6
Q

Which of the following is a NetFlow deployment best practice?

A. NetFlow should be enabled as close to the access layer as possible (user access layer, data center access layer, in VPN termination points, and so on).

B. All NetFlow records belonging to a flow should be sent to the same collector.

C. To gain network visibility, Test Access Ports (TAPs) or Switched Port Analyzer (SPAN) ports must be configured when the Cisco Stealthwatch FlowSensors are deployed.

D. All of these answers are correct.

A

D

7
Q

Which of the following is a physical or virtual appliance that can generate NetFlow data when legacy Cisco network infrastructure components are not capable of producing line-rate, unsampled NetFlow data?

A. Stealthwatch FlowSensor

B. Stealthwatch FlowCollector

C. Stealthwatch FlowReplicator

D. Stealthwatch FlowGenerator

A

A

8
Q

Which of the following statements is not true?

A. In Amazon AWS, the equivalent of NetFlow is called VPC Flow Logs.

B. Google Cloud Platform supports VPC Flow Logs (or Google-branded GPC Flow Logs).

C. In Microsoft’s Azure, traffic flows are collected in network security group (NSG) flow logs.

D. In Microsoft’s Azure, the equivalent of NetFlow is called VPC Flow Logs.

A

D

9
Q

Which of the following are components of the Cisco ETA solution to identify malicious (malware) communications in encrypted traffic through passive monitoring, the extraction of relevant data elements, and a combination of behavioral modeling and machine learning?

A. NetFlow

B. Cisco Stealthwatch

C. Cisco Cognitive Threat Analytics

D. All of these answers are correct.

A

D

10
Q

Which of the following deployment models has the advantage of limiting the overhead introduced by NetFlow?

A. FlowCollectors deployed at multiple sites and placed close to the source producing the highest number of NetFlow records.

B. FlowCollectors deployed in a centralized area and placed to handle the highest number of NetFlow records.

C. Using asymmetric routing to send NetFlow records to the same SMC, not to different collectors.

D. None of the above.

A

A

11
Q

Which of the following are the main Flexible NetFlow components?

A. Records

B. Flow monitors

C. Flow exporters

D. Flow samplers

E. All of the options are correct.

A

E

12
Q

In NX-OS, NetFlow CLI commands are not available until you enable which of the following commands?

A. netflow collection enable

B. feature netflow

C. ip netflow enable

D. ip netflow run

A

B

13
Q

Which of the following are Layer 2 technologies that security professionals have used for policy enforcement and segmentation? (Select two.)

A. VLANs

B. Routing protocols

C. VRFs

D. Route reflectors

A

A + C

14
Q

Cisco ISE scales by deploying service instances called “______” in a distributed architecture.

A. personas

B. SGTs

C. uSeg EPGs

D. pxGrid

A

B

15
Q

Cisco ISE scales by deploying service instances called “______” in a distributed architecture.

A. personas

B. SGTs

C. uSeg EPGs

D. pxGrid

A

A

16
Q

You have been asked to provide a segmentation strategy for applications residing in Docker containers and in virtual machines in a large data center. Which of the following technologies will you choose for such deployment?

A. Cisco ETA

B. Cisco ACI

C. VLANs and firewalls

D. None of these answers is correct.

A

A

17
Q

When you first deploy a Cisco ISE node, all the default services provided by the Administration, Policy Service, and Monitoring personas will be enabled. Which of the following statements is not true?

A. The Cisco ISE node will be in a standalone mode.

B. You must first configure a primary ISE node and then register secondary ISE nodes to the primary ISE node.

C. You must first configure the secondary ISE node and then the primary ISE node to avoid network disruption.

D. You cannot edit the personas or services of a standalone Cisco ISE node.

A

B

18
Q

When SGTs are provisioned by Cisco ISE, they are downloaded to network devices within the environment data. Which of the following are things to take into consideration about classification and SGT provisioning?

A. Typically, servers are classified into groups using static classification.

B. IP and Subnet-to-SGT mappings can be centrally managed from Cisco ISE and deployed to networking devices using SSH or SXP.

C. Dynamic classification is typically used for user, endpoint, or guest authentications by using 802.1X, MAB, WebAuth, or PassiveID, or they can also be learned from a Cisco ACI APIC (in the case of a Cisco ACI deployment).

D. All of the options are correct.

A

B

19
Q

Many organizations initially deploy 802.1X in ______ mode to scope the deployment and prevent user productivity from being impacted while changes are being implemented.

A. monitor

B. active

C. standby

D. high-availability

A

D

20
Q

Depending on the version of NetFlow, the router can also gather additional information, such as which of the following?

A. Type of service (ToS) byte

B. Differentiated services code point (DSCP)

C. The device’s input interface

D. TCP flags

E. All of the options are correct.

A

E

21
Q

Which of the following statements is not true?

A. The Cisco Stealthwatch FlowSensor is a network appliance that functions similarly to a traditional packet capture appliance or IDS in that it connects into a Switch Port Analyzer (SPAN), mirror port, or a Test Access Port (TAP).

B. The Cisco Stealthwatch FlowSensor augments visibility where NetFlow is not available in the infrastructure device (router, switch, and so on) or where NetFlow is available but you want deeper visibility into performance metrics and packet data.

D. You typically configure the Cisco Stealthwatch FlowSensor in combination with a Cisco Stealthwatch FlowCollector.

E. A Cisco Stealthwatch FlowSensor replaces a Cisco Stealthwatch FlowCollector in several deployment models.

A

B

22
Q

Which of the following network telemetry sources can also be correlated with NetFlow while responding to security incidents and performing network forensics?

A. Syslog

B. 802.1X authentication logs

C. VPN logs

D. All of these options are correct.

A

A

23
Q

Which of the following NetFlow versions support templates? (Select all that apply.)

A. Flexible NetFlow

B. NetFlow v2

C. NetFlow v9

D. NetFlow v5

E. NetFlow v8

A

C

24
Q

IPFIX uses which of the following protocols to provide a packet transport service designed to support several features beyond TCP or UDP capabilities?

A. SCP

B. SCTP

C. pxGrid

D. EPG

A

C

25
Q

Cisco Stealthwatch components can be deployed as physical or virtual appliances. The two minimum required components are ______.

A. SMC and FlowSensor

B. SMC and FlowCollector

C. FlowSensor and FlowCollector

D. None of these options is correct.

A

A