Exam 350-701 topic 1 question 274 discussion

Vote for C and E

I think AE is correct. https://www.cisco.com/c/en_uk/products/security/network-visibility-segmentation/index.html

Answer c, e

C and E are preventing visibility. Encryption and allowed outgoing traffic for DNS protocols

I believe C & E are correct: C. Traffic is encrypted: Messenger protocols often use encryption to secure the communication between users. While encryption provides privacy and security for legitimate users, it can also make it challenging for firewalls and intrusion prevention systems (IPS) to inspect and detect any potential data exfiltration. Encrypted traffic can bypass traditional security measures and make it difficult to identify if sensitive data is being transmitted. A. Messenger applications cannot be segmented with standard network controls: This statement is not accurate. Messenger applications can be subject to network segmentation, firewall rules, and network access controls like any other application. However, the ability to segment them may vary based on the specific implementation and network architecture.

Not C as SSL Decryption can be done on NGFW/IPS

A is incorrect - most of the modern communicators enforce SSL pinning - hence man in the middle approach is not an option cause traffic is encrypted it leaves us only with C and E https://docs.diladele.com/faq/squid/sslbump_exlusions/whatsapp.html

C is incorrect - most of the modern communicators enforce SSL pinning - hence man in the middle approach is not an option it leaves us only with A and E https://docs.diladele.com/faq/squid/sslbump_exlusions/whatsapp.html

It's weird how many people are suggesting 'C' for encrypted traffic when any security engineer knows a modern NGFWs have Decryption policies for such traffic, C is definitely not the right answer! I'm going A & E.

Messenger applications are often designed to bypass traditional network segmentation controls such as firewalls and proxies, making it difficult to detect and prevent data exfiltration

Messenger protocols often use encryption to protect communication between endpoints, which makes it difficult for firewalls and IPS systems to detect and prevent data exfiltration. Additionally, since messenger applications are designed to allow outgoing traffic so users can communicate with outside organizations, it can be difficult to distinguish legitimate communications from unauthorized data exfiltration attempts.

The two characteristics of messenger protocols that make data exfiltration difficult to detect and prevent are: C. Traffic encryption: Encrypting traffic makes it difficult for firewalls and IPS (Intrusion Prevention Systems) to inspect the content of the data. Encryption obscures the data being sent, making it more challenging to detect malicious activity. E. Outgoing traffic allowed: Allowing outgoing traffic for legitimate communication purposes makes it difficult to detect and prevent malicious data exfiltration. This is because the data being exfiltrated can be disguised as normal communication traffic, making it harder for security systems to distinguish between benign and malicious activity.

AE , answer is correct

I think AE

..encrypting traffic prevents intrusion detection systems and firewalls from inspecting the contents of the traffic (Fawcett, 2012)........there is a significant risk of data exfiltration via Skype traffic or more importantly, traffic that simply mimics the characteristics of Skype communication.....

vote for C and E... opcion B is not correct because a malware infection is not a "messenger protocol characteristic" as the question asked

Protocol is what the question is asking.