In the default global policy, which traffic is matched for inspections by default?
A. match any
B. match default-inspection-traffic
C. match access-list
D. match port
E. match class-default
Answer: B
Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?
A. logging list critical_messages level 2
console logging critical_messages
B. logging list critical_messages level 2
logging console critical_messages
C. logging list critical_messages level 2
logging console enable critical_messages
D. logging list enable critical_messages level 2 console logging critical_messages
Answer: B
Sunday 29 September 2019
Sunday 13 January 2019
Cisco Talos releases PyLocky ransomware decryptor - but there's a catch
Cisco security company Talos has released a free decryption tool for Windows users concerned with the PyLocky ransomware, but it will not work for everyone.
PyLocky is an imitation of the famous "Locky" ransomware, except that it is written in a programming language called Python. The ransomware tries to imitate other families of ransomware.
Although ransomware is a threat to those infected with it, decryption tools can often reverse the damage. In the case of PyLocky, Cisco Talos has managed to create a decryption tool, but the problem is serious.
The tool will only work for those who have successfully captured a PCAP from the outbound connection attempt on the ransomware command and control servers, a connection that occurs a few seconds after the infection.
In short, the PyLocky ransomware decoder will only work on machines with network traffic monitoring capabilities.
According to Cisco Talos, PyLocky generates a random user ID and password when it is executed. It also collects information about the infected machine using WMI wrappers.
"After getting the absolute path of each file in the system, the malicious program calls the encryption algorithm and passes the IV and password."
Each file is first encoded in base64 before encrypting it. The malware adds the ".lockedfile" extension to each file it encrypts, for example, the "picture.jpg" file would become "picture.jpg.lockedfile".
Each file is overwritten by a rescue request.
For victims who use network monitoring software, they simply download the decryptor to their infected computer, download WinPcap, specify the PCAP file with IV and password, and wait for the decryptor to do his job. . The company said that during the test phase, the decipherer was able to recover three infected systems. However, very large files of 4 GB or more may not be decrypted.
The company claims that the decryptor is designed for use on Windows systems and assumes no responsibility for the misuse of this tool.
"Talos encourages users never to pay the ransom requested by the attacker, which rarely results in the recovery of encrypted files.The victims of this ransomware should instead restore from backup copies if their files can not be decrypted. In June 2017, Talos repeatedly observed that assailants demanding ransom have no way of contacting victims to provide them with a decryptor, "said Cisco Talos.
Tuesday 18 September 2018
Cisco 300-206 Question Answer
What are two reasons for implementing NIPS at enterprise Internet edges? (Choose two.)
A. Internet edges typically have a lower volume of traffic and threats are easier to detect.
B. Internet edges typically have a higher volume of traffic and threats are more difficult to detect.
C. Internet edges provide connectivity to the Internet and other external networks.
D. Internet edges are exposed to a larger array of threats.
E. NIPS is more optimally designed for enterprise Internet edges than for internal network configurations.
Answer: CD
Which statement about the Cisco ASA configuration is true?
A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted.
Answer: B
A. Internet edges typically have a lower volume of traffic and threats are easier to detect.
B. Internet edges typically have a higher volume of traffic and threats are more difficult to detect.
C. Internet edges provide connectivity to the Internet and other external networks.
D. Internet edges are exposed to a larger array of threats.
E. NIPS is more optimally designed for enterprise Internet edges than for internal network configurations.
Answer: CD
Which statement about the Cisco ASA configuration is true?
A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted.
Answer: B
Sunday 19 August 2018
Cisco 300-206 Question Answer
What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?
A. 1024 bytes
B. 1518 bytes
C. 2156 bytes
D. 9216 bytes
Answer: D
Which two statements about Cisco IDS are true? (Choose two.)
A. It is preferred for detection-only deployment.
B. It is used for installations that require strong network-based protection and that include sensor tuning.
C. It is used to boost sensor sensitivity at the expense of false positives.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
E. It is used primarily to inspect egress traffic, to filter outgoing threats.
Answer: AD
A. 1024 bytes
B. 1518 bytes
C. 2156 bytes
D. 9216 bytes
Answer: D
Which two statements about Cisco IDS are true? (Choose two.)
A. It is preferred for detection-only deployment.
B. It is used for installations that require strong network-based protection and that include sensor tuning.
C. It is used to boost sensor sensitivity at the expense of false positives.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
E. It is used primarily to inspect egress traffic, to filter outgoing threats.
Answer: AD
Wednesday 21 February 2018
Cisco 300-206 Question Answer
What is the primary purpose of stateful pattern recognition in Cisco IPS networks?
A. mitigating man-in-the-middle attacks
B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
C. detecting and preventing MAC address spoofing in switched environments
D. identifying Layer 2 ARP attacks
Answer: B 300-206 VCE
What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.)
A. guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access the device
B. increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE
C. enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality
D. provided complete proactive protection against frame and device spoofing
Answer: BC
A. mitigating man-in-the-middle attacks
B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
C. detecting and preventing MAC address spoofing in switched environments
D. identifying Layer 2 ARP attacks
Answer: B 300-206 VCE
What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.)
A. guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access the device
B. increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE
C. enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality
D. provided complete proactive protection against frame and device spoofing
Answer: BC
Wednesday 20 December 2017
5 Things You Didn't Know about Cisco Investments
Cisco is not only the global leader in IT and networks. It also turns out to be one of the most unique strategic investors in the world of startups.
Beginning in 1993, Cisco Investments has actively explored the world to invest in emerging technologies and innovative companies that can shape the technological landscape. Some of those investments later became Cisco acquisitions, while others prospered independently. Today, Cisco has a current portfolio of more than 120 active investments in promising startups, entrepreneurs and limited partner positions in more than 40 venture funds. Here there is more color in what could be said to be one of the greatest secrets of the technology industry.
Unique investment thesis
Cisco Investments has been a constant investor in new technology companies with a history that goes back more than two decades, through good and bad markets. The organization invests approximately $ 200 million each year in up to 30 new companies. The spectrum ranges from initial investments in the initial phase of the seed from a few hundred thousand dollars to tens of millions, as when you enter money into VMware before the IPO of that company.
The mandate is broad and extends beyond current Cisco business to nascent industry segments where the company has no presence. For example, Cisco recently invested in the drone field, a space that is far removed from any of its core businesses. But this is part of a strategy that is based on taking a long-term perspective.
"It puts us in an excellent position to see not only what is relevant today but also where the future is going," said Rob Salvagno, vice president of corporate development at Cisco.
While Salvagno's team focuses its efforts on opportunities that affect the company's core businesses, it also maintains a lens wide enough to focus on a myriad of opportunities for the next horizon. For Salvagno, the foundation that supports all of the company's investment activity is "investing in areas that make us strategically smarter in areas that matter to Cisco today or could shape Cisco tomorrow."
You could describe Cisco Investments as the venture capital firm of the company, but with some important differences. Unlike its conventional venture capital companies, the main objective of Cisco Investments is strategic and functions as a complementary partner for venture capital. Financial considerations, although important, play a secondary role.
Another big difference: Cisco Investments portfolio companies enjoy access to rich resources that no Sand Hill organization can replicate. In practice, that means they can reach the ranks of Cisco to take advantage of a deposit of technical talent and advice. They also have access to an array of Cisco customers and partners.
The fact that we have a team that has this combination of all these different previous experiences (we have engineers, entrepreneurs, bankers, venture capitalists, consultants), together with this unique ability to invest and acquire, makes us really special.
"We are a great company with relationship managers for each of the companies in our portfolio, so they can connect with customers, business units and the right partners," says Hitesh Saijpal, director of Cisco Investments Portfolio Development. "Some of the strongest channel partner ecosystems in the world are at your disposal, as well as access to the world's most important technology sales force."
Cisco's investments obviously aim to make smart financial investments when placing money in portfolio companies. But the main motivation is strategic. So, if that means there are no immediate returns, so be it. This is to invest in the long term.
Cisco generally receives a directory observer position in the companies in which it invests. That gives him the same level of visibility as a board member. The difference between an observer and a board member? The former does not have the right to vote, which avoids possible conflicts and fiduciary responsibilities. However, a board position gives Cisco an overview of the companies in its portfolio, as well as a greater appreciation of the challenges and opportunities they face.
According to Salvagno, the strategic and financial success of Cisco's activities does not depend on a single investment. The goal is to find investments that are strategically aligned with the various businesses within Cisco. However, when it comes to choosing more distant investments, Cisco Investments has a long-term vision. The focus is on companies that represent the best in their class. Those are the new companies that are more likely to become the highlights that end up shaping their particular market segments.
Sometimes, however, a young company may not want a strategic investor immediately.
"That's why we try to make our investment value proposal known to companies long before they are ready for fundraising," Salvagno said. "So, when having a strategic investor becomes relevant to them, we want them to think of Cisco as their partner."
About a third of Cisco Investments' 50-person team lives and works outside the United States, and offers the company a global view of local technology developments worldwide, as well as a global investment capacity. Team members have their own areas of expertise in particular domains such as security, cloud or big data. It is also a diverse team, not only from a gender or ethnic perspective, but also from an experience perspective.
Consider someone like Janey Hoe, who started as an engineer and became a product manager at Cisco. Today he is responsible for the equipment data center and storage investments, as well as being the main responsible for Greater China.
"Janey really understands what it takes to build and sell products," Salvagno said.
He also pointed to Karthik Subramanian, who directs Cisco Investments' security practice.
"Karthik started out as an investment banker, he understands the financial aspect, but he also founded his own company so that he understands what it's like to be an entrepreneur."
"The fact that we have a team that has this combination of all these different previous experiences (we have engineers, entrepreneurs, bankers, venture capitalists, consultants), all together with this unique ability to invest and acquire, makes us really special and allows to make better strategic decisions for Cisco. "
Start DNA
Any technology company that wants to remain relevant must be at the forefront of market transitions and agile enough to innovate as market conditions change. It is also the reason why Cisco Investments actively travels the world to find and forge strong partnerships with startups that develop cutting-edge technologies.
"Innovation takes place within Cisco, but it is also happening outside the company," said Salvagno. "And because it is happening outside the walls of Cisco, we have the opportunity to gain visibility in multiple areas that could be outside of our core business."
It is also a possible springboard for future mergers and acquisitions. For example, Cisco invested in OpenDNS in 2014 just as the market for cloud security began to emerge. Cisco already had a strong security business, but saw an ongoing technological transition where OpenDNS was playing a leading role. A year later, Cisco acquired the company. Since then, the OpenDNS unit has become the basis of the cloud security business. It is important to note that founder David Ulevitch now runs all of Cisco's multi-million dollar security business. So, not only did that investment help drive a future acquisition, it also became the way for one of the industry's top entrepreneurs to infuse their DNA into Cisco.
Finding a great match depends on much more than chance at Cisco Investments.
The organization implements dedicated teams to determine the best investment opportunities in various technology segments.
Each team has the understanding of everything within their particular bailiwick within Cisco. At the same time, they are also responsible for interacting with startups, partners and financial risk capitalists, with the goal of cultivating a deep understanding of what else is happening in their space.
Take the example of the Internet of things. When Cisco began to explore the IoT's potential early in this decade, the company was not sure about the immediate opportunities it could offer to its core businesses. But IoT represented an emerging market with great potential. The question was where Cisco would participate. Therefore, it began to invest, more than 20 startups related to IoT in the first years, which allowed Cisco to accumulate a valuable knowledge pool. This knowledge helped contribute to last year's decision to acquire Jasper Technologies for $ 1.4 billion, a company that was not one of the companies in Cisco's IoT portfolio. As Salvagno pointed out: "Cisco's knowledge about IoT of its other investments helped us recognize Jasper's uniqueness."
In more general terms, a possible future horizon opportunity comes in many forms. For example, Cisco is an investor in a startup that helps give visibility to companies about what happens on the dark web. Is that kind of commercial representative of something that Cisco sells directly today? No, says Salvagno, but "as things evolve in cybersecurity, do we need visibility in terms of how you get intelligence about the dark web? The answer is yes."
Monday 6 November 2017
Cisco 300-206 Question Answer
When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?
A. By enabling ARP inspection; however, it cannot be controlled by an ACL
B. By enabling ARP inspection or by configuring ACLs
C. By configuring ACLs; however, ARP inspection is not supported
D. By configuring NAT and ARP inspection
Answer: A
What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.)
A. identifying Layer 2 ARP attacks
B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association
C. detecting and preventing MAC address spoofing in switched environments
D. mitigating man-in-the-middle attacks
Answer: AD
A. By enabling ARP inspection; however, it cannot be controlled by an ACL
B. By enabling ARP inspection or by configuring ACLs
C. By configuring ACLs; however, ARP inspection is not supported
D. By configuring NAT and ARP inspection
Answer: A
What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.)
A. identifying Layer 2 ARP attacks
B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association
C. detecting and preventing MAC address spoofing in switched environments
D. mitigating man-in-the-middle attacks
Answer: AD
Subscribe to:
Posts (Atom)