Exam 350-701 topic 1 question 261 discussion

Cisco is horrible in creating exam questions!

The Answer is D

D. Question says "based on the subnet that the endpoint is on". Nothing about Active Directory. Not all networks use AD...

The answer seems to be D, according to the link already provided: https://docs.umbrella.com/deployment-umbrella/docs/internal-networks-setup-guide The following link shows that the MS AD connector is intended to be used for a different purpose: https://docs.umbrella.com/umbrella-user-guide/docs/introduction-4

The correct answer is A. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. Cisco Umbrella uses the public IP address of the device to identify it. If the organization wants to block traffic based on the subnet that the endpoint is on, it needs to provide Cisco Umbrella with the internal IP address information. This can be done by installing the Microsoft Active Directory Connector (AD Connector) and configuring it to synchronize the organization's Active Directory with Cisco Umbrella. The AD Connector will synchronize the organization's Active Directory with Cisco Umbrella, which will allow Cisco Umbrella to see the internal IP address of the device. This will allow the organization to block traffic based on the subnet that the endpoint is on.

D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address. When using Cisco Umbrella for DNS services, it can be challenging to track traffic based on subnets because the public IP addresses of the endpoint are seen instead of the internal IP addresses. To resolve this issue, an organization can set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address. This will allow the organization to track traffic based on the subnet that the endpoint is on and implement policies to block traffic as needed. The virtual appliance acts as a proxy that fields the requests, enabling visibility into the internal IP addresses and allowing the organization to see the full picture of its network traffic.

"How Umbrella Virtual Appliances Work VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address." <-- CLIENT'S INTERNAL IP ADDRESS. "VAs record the internal IP address of every DNS request. Security and DNS traffic-related investigations allow you to associate traffic to an individual, internal IP address." See picture here: https://docs.umbrella.com/deployment-umbrella/docs/1-introduction

Two links below show that it is NOT C and it IS D. C is for cloud to on prem, where the virtual appliance allows you to bypass NAT which is the crux of the question. https://docs.umbrella.com/deployment-umbrella/docs/internal-networks-setup-guide https://docs.umbrella.com/deployment-umbrella/docs/appx-d-internal-domains

c,c is the answer