Cisco Updated 350-701 Exam Questions and Answers by niam

Workloaded security models are ways of protecting applications, services, and capabilities that run on a cloud resource. Virtual machines, databases, containers, and applications are all considered cloud workloads. There are different types of cloud deployment models, such as public, private, hybrid, and multicloud. Depending on the deployment model, the cloud workload security can vary in terms of responsibility, visibility, and control.

Infrastructure as a service (IaaS) is a cloud deployment model where the cloud provider offers the basic computing infrastructure, such as servers, storage, and networking, as a service. The customer is responsible for installing, configuring, and managing the operating systems, applications, and security of the workloads that run on the cloud infrastructure. IaaS provides the customer with more flexibility and control over the workload security, but also more complexity and overhead.

On-premises is a deployment model where the customer owns and operates the entire IT infrastructure, including the hardware, software, and security. The customer has full responsibility and control over the workload security, but also the highest cost and maintenance. On-premises deployment can offer more security and compliance than cloud deployment, depending on the customer’s security posture and practices.

References:

https://www.cisco.com/site/us/en/products/security/secure-workload/index.html

https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-workload-security/

 MAB is a fallback authentication method for devices that do not support 802.1X. When MAB is enabled on a switchport, the switch will first try 802.1X and if it fails, it will use the MAC address of the device as the username and password to authenticate it with a RADIUS server. The RADIUS server must have a database of MAC addresses that are allowed on the network. MAB can also support dynamic VLAN assignment and ACLs from the RADIUS server. MAB is not a very secure method because MAC addresses can be easily spoofed or changed. Therefore, MAB should be used with caution and only for devices that cannot use 802.1X. References :=

Some possible references are:

• Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Securing Networks with Cisco Firepower Next Generation Firewall, Lesson 3.2: Deploying Cisco Firepower Next-Generation Firewall, Topic 3.2.2: 802.1X and MAB
• MAC Authentication Bypass Deployment Guide, Cisco, MAB Overview, What is MAB?
• MAC Authentication Bypass (MAB), NetworkLessons.com, How MAB Works
• MAC-based authentication (MAB), RADIUSaaS Docs, How it works
• MAC authentication and username/password, Cisco Community, Answer by hslai

 Cisco Duo is a cloud-based solution that provides multi-factor authentication (MFA) and device trust for secure access to applications and data. MFA adds an extra layer of security by requiring users to verify their identity with something they know (such as a password) and something they have (such as a phone or a hardware token). Device trust ensures that only trusted devices can access sensitive resources by checking the device health and compliance. Cisco Duo can help prevent social engineering attacks by making it harder for hackers to impersonate legitimate users or compromise their credentials. Cisco Duo can also integrate with other Cisco security products, such as Cisco AnyConnect, Cisco AMP for Endpoints, and Cisco Umbrella, to provide a comprehensive security solution. References :=

• Cisco Duo Security
• Cisco Duo: Multi-Factor Authentication
• Cisco Duo: Device Trust
• Cisco Security Core Technologies SCOR