Chapter 5 Network Visibility and Segmentation Flashcards
Which of the following technologies can be deployed to gain network visibility and awareness of security threats?
A. NetFlow
B. IPFIX
C. Cisco Stealthwatch
D. All of these answers are correct.
D
Which of the statements is true about NetFlow?
A. NetFlow supports IPv4 and IPv6.
B. NetFlow supports IPv4, and IPv6 was introduced with IPFIX.
C. IPFIX supports only IPv4.
D. None of these answers is correct.
A
A flow is a unidirectional series of packets between a given source and destination. In a flow, the same source and destination IP addresses, source and destination ports, and IP protocol are shared. This is often referred to as the ________.
A. five-tuple
B. five elements
C. NetFlow intelligence
D. IPFIX
A
IPFIX was originally created based on which of the following?
A. NetFlow v5
B. NetFlow v9
C. Flexible NetFlow
D. None of the above
B
IPFIX is considered what type of protocol?
A. IPFIX is considered to be an active protocol.
B. IPFIX is considered to be a pull protocol.
C. IPFIX is considered to be a passive protocol.
D. IPFIX is considered to be a push protocol.
D
Which of the following is a NetFlow deployment best practice?
A. NetFlow should be enabled as close to the access layer as possible (user access layer, data center access layer, in VPN termination points, and so on).
B. All NetFlow records belonging to a flow should be sent to the same collector.
C. To gain network visibility, Test Access Ports (TAPs) or Switched Port Analyzer (SPAN) ports must be configured when the Cisco Stealthwatch FlowSensors are deployed.
D. All of these answers are correct.
D
Which of the following is a physical or virtual appliance that can generate NetFlow data when legacy Cisco network infrastructure components are not capable of producing line-rate, unsampled NetFlow data?
A. Stealthwatch FlowSensor
B. Stealthwatch FlowCollector
C. Stealthwatch FlowReplicator
D. Stealthwatch FlowGenerator
A
Which of the following statements is not true?
A. In Amazon AWS, the equivalent of NetFlow is called VPC Flow Logs.
B. Google Cloud Platform supports VPC Flow Logs (or Google-branded GPC Flow Logs).
C. In Microsoft’s Azure, traffic flows are collected in network security group (NSG) flow logs.
D. In Microsoft’s Azure, the equivalent of NetFlow is called VPC Flow Logs.
D
Which of the following are components of the Cisco ETA solution to identify malicious (malware) communications in encrypted traffic through passive monitoring, the extraction of relevant data elements, and a combination of behavioral modeling and machine learning?
A. NetFlow
B. Cisco Stealthwatch
C. Cisco Cognitive Threat Analytics
D. All of these answers are correct.
D
Which of the following deployment models has the advantage of limiting the overhead introduced by NetFlow?
A. FlowCollectors deployed at multiple sites and placed close to the source producing the highest number of NetFlow records.
B. FlowCollectors deployed in a centralized area and placed to handle the highest number of NetFlow records.
C. Using asymmetric routing to send NetFlow records to the same SMC, not to different collectors.
D. None of the above.
A
Which of the following are the main Flexible NetFlow components?
A. Records
B. Flow monitors
C. Flow exporters
D. Flow samplers
E. All of the options are correct.
E
In NX-OS, NetFlow CLI commands are not available until you enable which of the following commands?
A. netflow collection enable
B. feature netflow
C. ip netflow enable
D. ip netflow run
B
Which of the following are Layer 2 technologies that security professionals have used for policy enforcement and segmentation? (Select two.)
A. VLANs
B. Routing protocols
C. VRFs
D. Route reflectors
A + C
Cisco ISE scales by deploying service instances called “______” in a distributed architecture.
A. personas
B. SGTs
C. uSeg EPGs
D. pxGrid
B
Cisco ISE scales by deploying service instances called “______” in a distributed architecture.
A. personas
B. SGTs
C. uSeg EPGs
D. pxGrid
A