What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
Answer should be B
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKDEV-2456.pdf
Page 28
Cisco Threat Intelligence Director (TID)
Step 1: Ingest third-party Cyber Threat Intelligence (CTI)
Step 2: Publish observables to sensors
Step 3: Detect and alert on incidents
I would go with B here, because the TID is used if you want to use external (not Cisco-provided) security information / observables, in addition to what you get from Cisco:
"The Cisco Threat Intelligence Director (TID) operationalizes threat intelligence data, helping you aggregate intelligence data, configure defensive actions, and analyze threats in your environment. This feature is intended to supplement other Firepower functionality, offering an additional line of defense against threats"
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html
And for AMP you don't need the TID. AMP (for Networks) comes with its own configuration on the FMC, for example, where you can define the cloud you want to use, etc.
"Secure Malware Analytics (formerly Threat Grid) combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware."
I went with C at first, but B makes more sense.
External threat feed is an option on ESA, but I don't see any example of using TID.
TID is usually added to FP in intelligence sources.
The answer is B:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0110001.html
Looks like it might be "B"
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html
Feature introduced: Lets you use threat intelligence from external sources to identify and process threats.
The question is about the TID, not CTR. Correct answer is B.