Topic 1: Exam Pool A
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
A. Port
B. Rule
C. Source
D. Protocol
E. Application
Rule
Source
Which deployment model is the most secure when considering risks to cloud adoption?
A. Public Cloud
B. Hybrid Cloud
C. Community Cloud
D. Private Cloud
Private Cloud
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A. Cisco Security Intelligence
B. Cisco Application Visibility and Control
C. Cisco Model Driven Telemetry
D. Cisco DNA Center
Explanation
The question describes a solution that performs three key functions on Cisco IOS and IOS XE devices:
Recognize applications (Application Recognition)
Collect and send network metrics to management tools (Visibility)
Prioritize application traffic (Control)
This is the exact definition of Cisco Application Visibility and Control (AVC). AVC is a suite of features that combines several technologies:
NBAR2 (Next-Generation Network-Based Application Recognition):
For deep packet inspection to identify thousands of applications.
NetFlow/IPFIX:
For collecting and exporting detailed flow records about the identified applications.
Performance Monitoring (PerfMon):
For collecting performance metrics like latency, jitter, and packet loss.
Quality of Service (QoS):
For marking, policing, shaping, and queuing traffic to prioritize critical applications.
AVC integrates these components to provide a comprehensive solution for monitoring and managing application performance on the network.
Why the other options are incorrect:
D. Cisco DNA Center (now Cisco Catalyst Center):
This is Cisco's network management and automation platform (formerly DNA Center). While Catalyst Center consumes and visualizes the data provided by AVC, it is not the underlying technology on the router/switch that performs the recognition, collection, and prioritization. AVC is the feature set on the network device itself.
A. Cisco Security Intelligence:
This is a broad term, often associated with threat intelligence feeds from Cisco Talos. It is related to security analysis, not application performance monitoring and control.
C. Cisco Model Driven Telemetry (MDT):
This is a modern, high-performance method for streaming data from network devices. While AVC can use MDT as a transport mechanism to send data to collectors, MDT itself is just the transport protocol. It does not include the application recognition (NBAR2) or traffic control (QoS) components. AVC is the overarching solution that defines what data is collected and how it's used.
Reference:
The definition and components of AVC are documented in Cisco's solution guides.
As per the Cisco Application Visibility and Control Configuration Guide, AVC is described as a solution that "integrates multiple Cisco IOS and Cisco IOS XE technologies... to provide application-level visibility and control" and "enables you to monitor, manage, and optimize your network performance."
Which statement about IOS zone-based firewalls is true?
A. An unassigned interface can communicate with assigned interfaces.
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones.
D. An interface can be assigned only to one zone.
An interface can be assigned only to one zone.
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
A. health policy
B. system policy
C. correlation policy
D. access control policy
E. health awareness policy
Explanation for Each Option:
A. health policy (Correct):
On Cisco Firepower Management Center (FMC), the health policy is used to monitor and collect health module alerts from managed devices (e.g., Firepower Threat Defense devices). It defines thresholds and notifications for system health metrics like CPU usage, disk space, and interface status, making it the appropriate policy for this purpose. (Reference: Cisco FMC Health Policy Configuration Guide.)
B. system policy (Incorrect):
System policies in FMC configure device-level settings (e.g., NAT, QoS), but they do not specifically collect or manage health module alerts. Health monitoring is a distinct function handled by the health policy, rendering this option incorrect. (Reference: Cisco FMC System Policy Overview.)
C. correlation policy (Incorrect):
Correlation policies in FMC define rules to correlate events and generate alerts based on security incidents, not to collect health module alerts from devices. They focus on threat detection, not system health, making this option unsuitable. (Reference: Cisco FMC Correlation Policy Guide.)
D. access control policy (Incorrect):
Access control policies in FMC determine how traffic is allowed, blocked, or inspected based on rules. They are unrelated to collecting health module alerts, which are system health-related, not traffic-related, rendering this option incorrect. (Reference: Cisco FMC Access Control Policy Guide.)
E. health awareness policy (Incorrect):
"Health awareness policy" is not a recognized term in Cisco FMC documentation. The correct term is "health policy," which handles health monitoring and alerts, making this option invalid. (Reference: Cisco FMC Health Monitoring Documentation.)
Additional Notes:
Configuring health policies in FMC is a key topic in the 350-701 SCOR exam under network security. As of 12:25 PM PKT, October 03, 2025, it ensures device health visibility.
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
A. Configure the datasecurityconfig command.
B. Configure the advancedproxyconfig command with the HTTPS subcommand.
C. Configure a small log-entry size.
D. Configure a maximum packet size.
Configure the advancedproxyconfig command with the HTTPS subcommand
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine
ETHOS detection engine
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?
A. cloud web services
B. network AMP
C. private cloud
D. public cloud
Explanation for Each Option:
A. cloud web services (Incorrect):
Cloud web services in Cisco AMP for Endpoints refer to the use of cloud-based threat intelligence and analysis (e.g., via Cisco Threat Grid) to enhance endpoint protection. This deployment involves sending data to the public cloud, which does not keep data within the network perimeter, making this option unsuitable. (Reference: Cisco AMP Cloud Web Services Overview.)
B. network AMP (Incorrect):
Network AMP focuses on securing network traffic using appliances or virtual sensors (e.g., Firepower devices) to detect and block malware. While it operates within the network, it is not a specific deployment architecture for endpoints and does not inherently keep endpoint data within the perimeter, as it relies on cloud correlation, rendering this option incorrect. (Reference: Cisco AMP for Networks Datasheet.)
C. private cloud (Correct):
The private cloud deployment architecture for Cisco AMP for Endpoints allows organizations to host the AMP infrastructure within their own data center or private cloud environment. This keeps all endpoint data, including file analysis and threat intelligence, within the network perimeter, ensuring compliance and security for sensitive environments, meeting the requirement. (Reference: Cisco AMP Private Cloud Deployment Guide.)
D. public cloud (Incorrect):
Public cloud deployment of Cisco AMP for Endpoints relies on Cisco’s cloud infrastructure to process and store data, such as file submissions and threat verdicts. This approach sends data outside the network perimeter to the public cloud, which contradicts the goal of keeping data within the network, making this option incorrect. (Reference: Cisco AMP Public Cloud Overview.)
Additional Notes:
AMP deployment architectures are a key topic in the 350-701 SCOR exam under endpoint security. As of 11:50 AM PKT, October 02, 2025, private cloud options are critical for perimeter security. For details, refer to the Cisco AMP for Endpoints Deployment Guide (cisco.com) and the 350-701 Exam Blueprint (Section 2.0 Endpoint Security).
Which two preventive measures are used to control cross-site scripting? (Choose two)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. Same Site cookie attribute should not be used.
Explanation for Each Option:
A. Enable client-side scripts on a per-domain basis (Incorrect):
Enabling client-side scripts on a per-domain basis (e.g., via Content Security Policy) can help mitigate some XSS risks by restricting script sources, but it is not a preventive measure on its own. It is a control mechanism, not a direct prevention technique, making this option less effective and incorrect as a primary measure. (Reference: OWASP XSS Prevention Cheat Sheet, CSP Usage.)
B. Incorporate contextual output encoding/escaping (Correct):
Contextual output encoding/escaping converts untrusted input into a safe format (e.g., HTML entities like < to &lt;) based on the context (HTML, JavaScript, etc.) to prevent execution of malicious scripts. This is a fundamental preventive measure against cross-site scripting (XSS), making it a correct choice. (Reference: OWASP XSS Prevention, Output Encoding.)
C. Disable cookie inspection in the HTML inspection engine (Incorrect):
Disabling cookie inspection in an HTML inspection engine would reduce security, as cookies can be exploited in XSS attacks (e.g., session hijacking). This is a counterproductive action, not a preventive measure, rendering this option incorrect. (Reference: Cisco Secure Web Appliance Cookie Security.)
D. Run untrusted HTML input through an HTML sanitization engine (Correct):
HTML sanitization removes or neutralizes malicious code (e.g., <script> tags) from untrusted input before it is processed or rendered. This is a proactive preventive measure against XSS by ensuring only safe content is executed, making it a correct choice. (Reference: OWASP HTML Sanitization Guide.)
E. Same Site cookie attribute should not be used (Incorrect):
The "SameSite" cookie attribute (e.g., Lax or Strict) mitigates XSS by preventing cookies from being sent in cross-site requests, reducing session hijacking risks. Suggesting it should not be used is the opposite of a preventive measure, making this option incorrect. (Reference: OWASP Secure Cookie Attributes.)
Additional Notes:
Preventing XSS is a key topic in the 350-701 SCOR exam under content security. As of 11:45 AM PKT, October 03, 2025, encoding and sanitization are critical defenses.
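As an added example (not part of the exam material or any Cisco documentation), the following Python shows both correct measures from options B and D: contextual output encoding of one untrusted value into three different contexts (HTML body, HTML attribute, JavaScript string), and an allowlist HTML sanitizer built on the standard library. The allowed-tag set, the sample input, and the function names are constructed for the illustration.

```python
"""Contextual output encoding and allowlist HTML sanitization (added example)."""
import html
import json
from html.parser import HTMLParser

# Constructed sample of untrusted input, the kind of string a form field might carry.
UNTRUSTED = '<img src=x onerror=alert(1)>Hi "there" & welcome'


def encode_html_body(value: str) -> str:
    """Encode for HTML element content: & < > " ' become entities."""
    return html.escape(value, quote=True)


def encode_html_attr(value: str) -> str:
    """Encode for a double-quoted attribute value; the caller must add the quotes."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """Encode for a JavaScript string literal inside <script>: JSON-encode, then
    escape < and > so a '</script>' inside the data cannot close the script block."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_profile(display_name: str) -> str:
    """Place one untrusted value into three contexts, each with its own encoder."""
    return (
        f"<p>{encode_html_body(display_name)}</p>\n"
        f'<input value="{encode_html_attr(display_name)}">\n'
        f"<script>var name = {encode_js_string(display_name)};</script>"
    )


# Allowlist (constructed for this example): only these tags/attributes survive.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_WITH_CONTENT = {"script", "style"}  # the tag AND its inner text are removed


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the fragment from scratch, keeping only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags (img, iframe, ...) are dropped, their text is kept
        safe_attrs = []
        for name, val in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or val is None:
                continue  # event handlers such as onerror never match the allowlist
            if name == "href" and not val.lower().startswith(("http://", "https://")):
                continue  # blocks javascript: and data: URLs
            safe_attrs.append(f' {name}="{html.escape(val, quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Text is re-encoded on output, so decoded entities cannot re-form markup.
            self.out.append(html.escape(data, quote=True))


def sanitize_html(fragment: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(render_profile(UNTRUSTED))
    print(sanitize_html('<b>hi</b><script>alert(1)</script>'
                        '<a href="javascript:alert(1)">x</a>' + UNTRUSTED))
```

The two measures answer different questions: encoding is used when the output must be shown as literal text, sanitization when a limited amount of user-supplied markup is genuinely wanted. The sanitizer above does not balance unclosed tags, so for production use a maintained library with the same allowlist approach rather than this illustration.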
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock
Cisco Cloudlock
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?
A. Security Manager
B. Cloudlock
C. Web Security Appliance
D. Cisco ISE
Explanation
The key phrases in the question are:
"exfiltration of credit card numbers"
"not being stored on-premise"
"protect sensitive data throughout the full environment"
This indicates the data is likely in cloud applications (like Salesforce, Microsoft 365, or Google Workspace) or being transmitted to cloud services, and the company needs to discover, monitor, and protect it wherever it resides.
B. Cloudlock:
This is the correct answer. Cisco Cloudlock is a Cloud Access Security Broker (CASB). Its primary functions are perfectly suited for this scenario:
Data Loss Prevention (DLP): It can scan cloud applications to discover and classify sensitive data like credit card numbers, even if they aren't supposed to be there.
Cloud DLP: It can monitor user activity in real-time and block or alert on attempts to exfiltrate this data (e.g., downloading a file containing credit cards to a personal device, or sharing it externally).
Full Environment Coverage: As a cloud-native, API-based solution, it protects data across multiple cloud services, providing visibility and control "throughout the full [cloud] environment."
Why the other options are incorrect:
A. Security Manager:
This is a network device management tool used primarily for configuring firewalls (ASA, FTD), routers, and switches. It is not a data-centric security tool and cannot discover or protect sensitive data within cloud applications.
C. Web Security Appliance (WSA):
The WSA is a web proxy that filters and secures internet traffic. While it has DLP capabilities, they are primarily focused on outbound web traffic (HTTP/HTTPS). It is not designed to scan and protect data at rest within cloud application platforms like Salesforce or Box, which is implied by "not being stored on-premise."
D. Cisco ISE (Identity Services Engine):
ISE is a network access control and policy enforcement tool. It controls who can get on the network and what they can access, but it does not have the capability to discover, classify, or prevent the exfiltration of specific data types like credit card numbers from within cloud applications.
Reference:
This aligns with the specific capabilities of the Cisco Cloudlock product within the security portfolio.
Cisco Cloudlock Data Sheet: Highlights its capabilities for cloud data security, including data discovery, classification, and DLP for cloud applications to prevent data exfiltration and comply with regulations like PCI DSS (which governs credit card data).
In summary, Cisco Cloudlock is the purpose-built tool for discovering and protecting sensitive data across cloud environments to prevent exactly the type of cloud-based exfiltration described.
What are two reasons for implementing a multifactor authentication solution such as Duo Security in an organization? (Choose two)
A. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
B. single sign-on access to on-premises and cloud applications
C. integration with 802.1x security using native Microsoft Windows supplicant
D. secure access to on-premises and cloud applications
E. identification and correction of application vulnerabilities before allowing access to resources
Explanation:
Cisco Duo Security is a cloud-based access security platform built around multi-factor authentication (MFA). Its primary purposes are to verify user identities with high assurance and to provide secure access to applications.
Let's break down why A and D are correct and why the others are not:
A) flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications is CORRECT.
A key reason to adopt a modern MFA solution like Duo is to move beyond a single, rigid form of authentication. Duo provides a wide range of user-friendly verification methods (Duo Push, phone call, SMS, hardware tokens, biometrics) that cater to different user preferences and security requirements, making it easier to deploy and enforce MFA across the organization.
D) secure access to on-premises and cloud applications is CORRECT.
This is the fundamental business outcome of implementing Duo. By adding a second factor of authentication, Duo secures the login process for a vast ecosystem of applications, whether they are hosted in a corporate data center (on-premises) or in the cloud (like Office 365, Salesforce, AWS). It ensures that even if a password is compromised, an attacker cannot gain access without also possessing the user's second factor.
Why the other options are incorrect:
B) single sign-on access to on-premises and cloud applications is INCORRECT.
While Duo integrates with and can add MFA to Single Sign-On (SSO) solutions (like Duo Beyond, which includes SSO), the core Duo MFA service itself is not an SSO provider. SSO is a separate functionality that allows a user to log in once and access multiple applications without re-entering credentials. The base function of Duo is to add a layer of security on top of the login process, whether it's a single application or an SSO portal.
C) integration with 802.1x security using native Microsoft Windows supplicant is INCORRECT.
This describes a specific use case for network access control. While Duo can be integrated with Cisco ISE for 802.1X authentication, this is a specialized deployment and not one of the two primary, general reasons an organization would implement a solution like Duo. The core reasons are broader, focusing on application access and flexible MFA methods.
E) identification and correction of application vulnerabilities before allowing access to resources is INCORRECT.
This describes the function of a completely different class of security tools, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scanners, or perhaps a web application firewall (WAF). Duo's role is to ensure the user is trustworthy, not to scan the application for vulnerabilities.
Reference:
Cisco Duo Data Sheets and Solution Overviews:
These documents consistently lead with value propositions like "Secure access to all your applications, anywhere" and "A flexible multi-factor authentication experience," directly aligning with options D and A.
Cisco SCOR 350-701 Exam Objectives:
The objectives cover secure network access and identity management, emphasizing MFA as a critical control for securing application access in hybrid (on-prem/cloud) environments.
| Page 18 out of 61 Pages |