Lecture 10 Pt. 3 Flashcards
What does Cisco FTD combine?
Cisco ASA Firewall (traditional), Cisco Firepower (NGFW)
What are the two main operating modes of Cisco NGFW and Cisco NGIPS? i______ & ________e
Inline and passive (monitoring) mode
Inline mode is used for prevention, while passive mode is for monitoring traffic.
What is the purpose of inline mode in Cisco NGFW and Cisco NGIPS?
Used for prevention
Inline devices can block and mitigate threats by being placed between communicating assets.
What happens during a software failure in inline mode?
All traffic is dropped
The fail-open or fail-to-wire capability can be used to allow traffic to bypass the device rules to avoid traffic loss.
What should fail-open not be used for?
When the security policy requires traffic to be inspected and accounted for (e.g. you would never enable it if the policy may choose to block some traffic)
Enabling fail-open would allow traffic to bypass device rules.
What is an inline pair with a tap configured for?
To have two physical interfaces internally bridged
This setup allows for full Snort engine checks on a copy of the actual traffic.
What traditional firewall features are not available for flows going through an inline pair?
NAT, routing, and ACLs
These features are not applicable in the inline pair configuration.
Passive mode in Cisco’s NGFW or NGIPS is used to silently inspect _______ and ________ malicious activity without interrupting _______ flow
What is passive mode in Cisco NGFW or NGIPS used for?
traffic; identify; traffic
What can the device in passive mode do regarding malicious connections?
Reset malicious connections
However, this should not be considered a mitigation mechanism.
What are the most important capabilities of Cisco Firepower NGIPS (4)?
Threat containment and remediation, application visibility, identity management, security automation
What does high availability and stacking provide in Cisco Firepower NGIPS?
Redundancy and performance
This is achieved by leveraging multiple devices.
What does network behavioral analysis help analysts with?
Prioritize and recover from attacks
It uses key behavioral indicators and threat scores.
Fill in the blank: Cisco Firepower NGIPS offers _______ inspection and control for better efficacy.
deep
True or False: Passive mode is only supported in routed deployment mode.
False
Passive mode is supported in both routed and transparent deployment modes.
Cisco ASA provides traditional firewall services such as (3)
Stateful firewalling, VPN, NAT
Cisco Firepower is an NGFW that provides more advanced features such as (5)
Application Visibility & Control
IPS/IDS
Threat Intelligence Blocking
Malware/File Blocking
Network Discovery
What are the most important capabilities of Cisco Firepower NGIPS (5)?
Logging and traceability management, high availability and stacking, network behavioral analysis, access control and segmentation, real-time contextual awareness