350-201 Question #79: Real Exam Question with Answer & Explanation
The correct answer is B: event data and syslog data. In the Cisco Rapid Threat Containment solution, the Stealthwatch Management Console (SMC) correlates event data from ISE and syslog data from network devices to identify malware on authenticated endpoints.
Security Monitoring
Question
Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?
Exhibit
Options
- A. NetFlow and event data
- B. Event data and syslog data
- C. SNMP and syslog data
- D. NetFlow and SNMP
Explanation
In the Cisco Rapid Threat Containment solution, the Stealthwatch Management Console (SMC) correlates event data from ISE and syslog data from network devices to identify malware on authenticated endpoints.
Common mistakes.
- A. NetFlow data is the native data source that Stealthwatch itself collects and processes internally from network devices, so it is not a separate feed correlated externally with SMC.
- C. SNMP is a network management and monitoring protocol used for device polling and traps, and is not a primary telemetry feed used by Stealthwatch SMC for malware correlation.
- D. NetFlow is natively processed within Stealthwatch rather than being an external feed correlated with SMC, and SNMP does not provide the behavioral telemetry needed for malware detection in this architecture.
Concept tested. Cisco Stealthwatch and ISE Rapid Threat Containment (RTC) telemetry correlation
Reference. https://www.cisco.com/c/en/us/solutions/enterprise-networks/rapid-threat-containment/index.html
Topics
Cisco Stealthwatch, ISE, network telemetry, threat containment
