Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)
It's not C, because FMC does not instruct ISE. It's the other way around: FMC can enforce an organization's security policy based on ISE session attribute information available through pxGrid.
A and E are correct!!! If you read the FMC white paper, you know that FMC can instruct ISE to shut down or quarantine the host. And this can also be done with Stealthwatch:
https://cisco.bravais.com/s/O3aQkU0OU6fNYhUrsuES
If you think about it, why would AMP do that when AMP can already block the threat on the host itself?
Stealthwatch and FirePOWER are both on-prem network solutions that have integration with ISE.
AMP, as a cloud solution, doesn't have an integration with ISE, as far as I know.
I'm going with A & C
FMC through pxGrid integration with ISE - yes, possible. Stealthwatch is also possible. So my answer is A and C.
Cisco Stealthwatch has the capability to take automated actions to block threats or suspicious behavior on endpoints. Here are the relevant features:
Adaptive Network Control (ANC): When integrated with Cisco Identity Services Engine (ISE), Stealthwatch can trigger ANC policy changes. These changes modify or limit an endpoint's level of access to the network. In other words, if Stealthwatch detects a threat, it can automatically quarantine the compromised endpoint by adjusting network access through authorization policies or Security Group Tags (SGT).
Cisco Stealthwatch is not a technology that instructs Cisco Identity Services Engine (ISE) to contain the infected endpoint either manually or automatically.
Cisco Stealthwatch is a network visibility and security analytics platform that uses NetFlow, telemetry, and machine learning to detect threats across the network, including advanced malware and insider threats. It provides network behavior analysis (NBA) to identify anomalies, threat hunting to investigate incidents, and network segmentation to limit the attack surface.
The two technologies that can instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically are:
Cisco Stealthwatch
Cisco AMP
Both Cisco Stealthwatch and Cisco AMP have integration with Cisco Identity Services Engine to automate the quarantine or isolation of the endpoint upon detecting a threat.
The two technologies that can instruct Cisco Identity Services Engine (ISE) to contain an infected endpoint, either manually or automatically, upon detecting a flagrant threat on the endpoint are:
C. Cisco FMC
E. Cisco AMP for Endpoints
RTC w/ FMC & ISE is the ability for the FMC to quarantine endpoints through ISE. So, when the FMC sees some indicators of compromise, certain Snort IPS signatures are fired, or malware is discovered through AMP, the FMC can trigger actions to occur through ISE. ISE, in turn, can determine what to do when that trigger occurs. ISE could kick the user off the network or change the context of the user and endpoint so that different actions are taken within the network infrastructure.
E cannot be correct here if the answer to question 212 is correct (Who tells ISE to contain the endpoint? Correct answer at 212 is FMC)
So I go with A and C here