To configure an NTP enabled router to require authentication when other devices connect to it, use

the

following commands:

NTP_Server(config)#ntp authentication-key 2 md5 securitytut

NTP_Server(config)#ntp authenticate

NTP_Server(config)#ntp trusted-key 2

Then you must configure the same authentication-key on the client router:

NTP_Client(config)#ntp authentication-key 2 md5 securitytut

NTP_Client(config)#ntp authenticate

NTP_Client(config)#ntp trusted-key 2

NTP_Client(config)#ntp server 10.10.10.1 key 2

Note: To configure a Cisco device as a NTP client, use the command ntp server . For

example:

Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for

the time.

To understand DHCP snooping we need to learn about DHCP spoofing attack first.

DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and

answers them with fake DHCP Response before the authorized DHCP Response comes to the clients.

The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent

from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the

attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the

DHCP Server so that it can’t send the DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that

determines which switch ports can respond to DHCP requests. Ports are identified as trusted and

untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of

DHCP

messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP

response is seen on an untrusted port, the port is shut down.

The port connected to a DHCP server should be configured as trusted port with the “ip dhcp

snooping trust” command. Other ports connecting to hosts are untrusted ports by default.

In this question, we need to configure the uplink to “trust” (under interface Gi1/0/1) as shown below.

DevSecOps (development, security, and operations) is a concept used in recent years to describe how

to move

security activities to the start of the development life cycle and have built-in security practices in the

continuous

integration/continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing

security closer

to IT and business objectives.

Three key things make a real DevSecOps environment:

+ Security testing is done by the development team.

+ Issues found during that testing is managed by the development team.

+ Fixing those issues stays within the development team.

https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-701/page_177_img_1.jpg

Cisco Advanced Phishing Protection provides sender authentication and BEC detection capabilities. It

uses advanced machine learning techniques, real-time behavior analytics, relationship modeling,

and telemetry to protect against identity deception-based threats.

Reference: https://docs.ces.cisco.com/docs/advanced-phishing-protection

:

Application Visibility and control (AVC) supports NetFlow to export application usage and

performance

statistics. This data can be used for analytics, billing, and security policies.

The Cisco Umbrella roaming client is a cloud-delivered security service for Cisco’s next-generation

firewall that protects employees when they are off the VPN. No additional agents are required.

Simply enable the Umbrella functionality in the Cisco AnyConnect client. One of the advantages of

the Umbrella roaming client is that it provides visibility into IP-based threats by tunneling suspicious

IP connections to the Umbrella cloud for inspection and blocking. This way, the roaming client can

prevent malware, phishing, and command-and-control callbacks from reaching malicious domains

and IPs, regardless of the port or protocol. The Umbrella roaming client also provides DNS-layer

security when the VPN is off, and proactive blocking of emerging threats using real-time data

analysis. Reference:

Cisco Umbrella Roaming

3 Benefits of Using Roaming Client with Cisco Umbrella

Secure remote workers with the Cisco Umbrella roaming client

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (Module 5.1.1)

<img src="https://www.examtopics.com/assets/media/exam-media/04313/0006200002.png">Cisco Tetration platform studies the behavior of the various processes and applications in the workload, measuring them against known bad behavior sequences. It also factors in the process hashes it collects. By studying various sets of malwares, the Tetration Analytics engineering team deconstructed it back into its basic building blocks. Therefore, the platform understands clear and crisp definitions of these building blocks and watches for them. The various suspicious patterns for which the Cisco Tetration platform looks in the current release are: + Shell code execution: Looks for the patterns used by shell code. + Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree. + Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks. + Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping). + User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods. + Interesting file access: Cisco Tetration platform can be armed to look at sensitive files. + File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user. + Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform. Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetrationanalytics/whitepaper-c11-740380.html