nerdexam
Cisco

350-701 · Question #31

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

The correct answer is B. External Threat Feeds. External Threat Feeds (B) are the primary integration point for Cisco Threat Intelligence Director (TID) - they supply structured threat data (indicators of compromise, malicious IPs, domains, file hashes) that TID ingests, correlates, and acts on, enabling SOC teams to automate

Submitted by daniela_cl· Mar 30, 2026Network Security

Question

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Options

  • ACisco Umbrella
  • BExternal Threat Feeds
  • CCisco Threat Grid
  • DCisco Stealthwatch

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    94% (51)
  • D
    4% (2)

Explanation

External Threat Feeds (B) are the primary integration point for Cisco Threat Intelligence Director (TID) - they supply structured threat data (indicators of compromise, malicious IPs, domains, file hashes) that TID ingests, correlates, and acts on, enabling SOC teams to automate policy-driven responses before threats materialize.

  • Cisco Umbrella (A) is a DNS-layer security product that blocks threats at the DNS level; it doesn't feed threat intelligence into TID - it's a consumer of policy, not a data supplier.
  • Cisco Threat Grid (C) performs malware analysis and sandboxing, and while it can enrich threat data, TID's core design is built around ingesting external STIX/TAXII-formatted threat feeds, not Threat Grid specifically.
  • Cisco Stealthwatch (D) is a network traffic analysis and anomaly detection tool; it generates internal telemetry about your own network behavior rather than providing external threat intelligence to TID.

Memory tip: Think of TID as a funnel - External Threat Feeds are what you pour into it from the outside world (STIX/TAXII sources, ISACs, commercial feeds), while the other options (Umbrella, Stealthwatch, Threat Grid) are Cisco tools that operate within or alongside your environment rather than serving as intelligence suppliers to TID.

Topics

#Cisco Threat Intelligence Director#Threat Intelligence#External Feeds#Security Automation

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice