350-401 Question #148: Real Exam Question with Answer & Explanation
The correct answer is B: Cisco Stealthwatch system.
Question
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
Options
- A. Cisco Firepower and FireSIGHT
- B. Cisco Stealthwatch system
- C. Advanced Malware Protection
- D. Cisco Web Security Appliance
Explanation
Cisco Stealthwatch is specifically designed for network visibility and security analytics, providing deep user and flow context analysis by collecting and examining NetFlow data across the network to detect anomalies, insider threats, and unusual traffic patterns. Stealthwatch builds behavioral baselines and correlates user identity with network flows, making it the dedicated solution for this type of contextual analysis within the Cisco Cyber Threat Defense framework.
Why the distractors are wrong:
- Option A (Firepower/FireSIGHT) focuses on intrusion detection/prevention (IDS/IPS) and network traffic inspection for known threats - not flow-based behavioral analysis.
- Option C (Advanced Malware Protection/AMP) is designed for malware detection, tracking, and remediation across endpoints and networks, not user/flow context.
- Option D (Cisco Web Security Appliance/WSA) handles web traffic filtering, URL filtering, and proxy services - it secures web access but doesn't perform broad flow context analysis.
💡 Memory Tip: Think of Stealthwatch = "Stealth" surveillance - it watches all network flows quietly in the background, tracking who is doing what on the network. If the question mentions flows, behavior, or user context, think Stealthwatch.