An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A.
Client computers do not have an SSL certificate deployed from an internal CA server.
B.
Client computers do not have the Cisco Umbrella Root CA certificate installed.
C.
IP-Layer Enforcement is not configured.
D.
Intelligent proxy and SSL decryption is disabled in the policy.
Should be B.
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy
Requirements and Implementation
Although only SSL sites on our 'grey' list will be proxied, it's required that the root certificate be installed on the computers that are using SSL Decryption for the Intelligent Proxy in their policy.
Without the root certificate, when your users go to that service, they will receive errors in the browser and the site will not be accessible. The browser, correctly, will believe the traffic is being intercepted (and proxied!) by a 'man in the middle', which is our service in this case. The traffic won't be decrypted and inspected; instead, the entire website won't be available.
https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-information
then
https://docs.umbrella.com/deployment-umbrella/docs/install-cisco-umbrella-root-certificate
all
No advice for pushing the Root CA Umbrella into an internal CA. Only via Windows GPO.
Cisco wants you to answer B.
root certificate be installed on the computers that are using ssl Decryption for the intelligent proxy in their policy
https://docs.umbrella.com/deployment-umbrella/docs/manage-intelligent-proxy
The answer is absolutely B, you will find it on the first paragraph in the link I included.
https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA
Well it's a good thing I paid examtopics to see all the wrong answers on the rest of the questions. This is a missing certificate problem, but the missing certificate is a CA certificate. SSL certificates issued by internal CAs would prove the user's host machine's identity to the website, which is clearly not how web browsing works.
upvoted 6 times
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
screech
Highly Voted 3 years, 11 months agosamismayilov
Highly Voted 3 years, 11 months agoRemiK
Most Recent 10 months, 3 weeks agoMohammad_h_tarawneh
11 months agoJessie45785
2 years, 1 month agoWebster21
2 years, 5 months agosis_net_sec
2 years, 7 months agomrimmune
2 years, 11 months agojaciro11
3 years, 1 month agoMinion2021
3 years, 2 months agoMoII
3 years, 5 months agoZanaHiwa
3 years, 6 months agoeazy99
3 years, 7 months agotrickbot
3 years, 12 months ago