Cisco Updated 350-701 Exam Questions and Answers by bleu

A Cisco Umbrella virtual appliance (VA) is a lightweight virtual machine that acts as a DNS forwarder in your network. It forwards internal DNS queries to Umbrella and provides Umbrella with the internal IP address and hostname of the device that made the request. This allows Umbrella to apply policies and report on traffic based on the subnet, hostname, or user identity of the device1. The other options are not relevant for this scenario. Tenant control features are used to limit access to specific instances of cloud applications, such as Microsoft 365 or Google G Suite2. The Microsoft Active Directory Connector is used to provision users and groups from Active Directory to Umbrella, not to provide IP address information3. An internal domain is a domain that is resolved by your own DNS server, not by Umbrella, and is used to bypass Umbrella for domains that are only accessible within your network4. References:

• 1: Deploy Virtual Appliances - Umbrella User Guide
• 2: Manage Tenant Controls - Umbrella SIG User Guide
• 3: Connect Active Directory to Umbrella to Provision User and Groups
• 4: Domain Management - Umbrella User Guide

ExplanationApplication Visibility and control (AVC) supports NetFlow to export application usage and performancestatistics. This data can be used for analytics, billing, and security policies.

Multifactor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN1. MFA is a core component of a strong identity and access management (IAM) policy. MFA can help prevent an attacker from stealing usernames and passwords of users within an organization by adding an extra layer of security beyond the traditional username and password. For example, a user may need to enter a one-time code sent to their phone or email, scan their fingerprint, or use a hardware token to prove their identity. This way, even if an attacker obtains the user’s credentials, they cannot access the resource without the second factor2.

The other options are not technologies that can help prevent an attacker from stealing usernames and passwords of users within an organization. RADIUS-based REAP is a protocol that allows wireless clients to authenticate with a RADIUS server, but it does not provide MFA3. Fingerprinting is a technique that identifies the operating system or application of a device based on its network characteristics, but it does not provide MFA4. Dynamic ARP Inspection is a security feature that prevents ARP spoofing attacks by validating ARP packets, but it does not provide MFA5.

References := 1: What is Multi-Factor Authentication (MFA)? | OneLogin(https://www.onelogin.com/learn/what-is-mfa)  2: What is: Multifactor Authentication - Microsoft Support(https://support.microsoft.com/en-us/topic/what-is-multifactor-authentication-e5e39437-121c-be60-d123-eda06bddf661)  3: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Securing the Network, Lesson 3.3: Secure Wireless Connectivity, Topic 3.3.1: Wireless Security Protocols, page 3-40. 4: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 2: Securing the Cloud, Lesson 2.2: Cloud Security Assessment, Topic 2.2.1: Cloud Security Concepts, page 2-13. 5: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Securing the Network, Lesson 3.2: Secure Network Access, Topic 3.2.2: Layer 2 Security Features, page 3-19.

DNSSEC (Domain Name System Security Extensions) is a technology that protects DNS from cache poisoning and spoofing attacks by digitally signing DNS data with cryptographic keys. DNSSEC ensures the integrity and authenticity of DNS responses, preventing attackers from redirecting traffic to malicious domains. Cisco Umbrella supports DNSSEC by performing validation on queries sent from Umbrella resolvers to upstream authorities. This means that Umbrella will only accept DNS responses that are signed and verified by the authoritative servers for each domain. To enable DNSSEC validation, the organization needs to configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers. This will ensure that Umbrella resolvers will reject any forged or tampered DNS responses and provide secure DNS resolution for the organization’s network. References :=

Some possible references are:

• Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 2: Network Security, Lesson 2.5: Implement DNS Security
• What is DNSSEC and Why Is It Important? - Cisco Umbrella
• DNSSEC General Availability – Cisco Umbrella