Exam 350-701 topic 1 question 90 discussion

correct answer is D - VPC flow logs

Its D I totally remember when I configure the first time the Stealthwatch Cloud

VPC flow logs

D is correct

A, B, C are for data networks containing switches and routers VPC slow log is meant for cloud based network like AWS. Now, Secure Cloud Analytics (formerly Stealthwatch Cloud) can automatically retrieve VPC Flow Logs as a primary or supplementary data source for entity modeling. This means you can now monitor network activity in a cloud environment and increase your security.

Using the cloud provider..

Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs. https://aws.amazon.com/marketplace/pp/prodview-woiawecmdlezq

D - VPC flow logs is answer The question asks "public cloud" and cisco made the following explanation. Cisco Telemetry Broker The Cisco Telemetry Broker is capable of ingesting network telemetry from a variety of telemetry sources, transforming their data formats, and then forwarding that telemetry to one or multiple destinations. For example, it can ingest any of the following: ● On-premises network telemetry, including NetFlow, SYSLOG, and IPFIX ● Cloud-based telemetry sources, such as AWS VPC flow logs and Azure NSG flow logs And it can forward that telemetry to any or all of the following example destinations: ● Analytics platforms, such as Hadoop ● Network management and automation platforms, such as Cisco DNA Center ● Security Information and Event Management (SIEM) platforms ● Storage/smart capture, such as Cisco Security Analytics and Logging (On-premises) https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html

Specifically, AWS VPC Flow Logs contain the following information: ●      Which IP entities are communicating inside and outside the VPC ●      Which protocols (such as TCP and UDP) are being used ●      How much traffic is sent and received by each entity ●      Whether the flow was allowed or blocked by the security policy

Correct answer is D

This is a tricky question. VPC is valid option only for AWS (Azure and Google uses different terms), and AWS doesn't send telemetry to Stealthwatch. Stealthwatch fetch logs from AWS via API. I think B is therefore most valid answer.

Looks like this solution supports Azure and AWS. Based on the docs for Azure setup it doesn't look like they refer to the logs as VPC Flow Logs (AWS). So based on that I'd stick with B. https://www.cisco.com/c/en/us/support/security/stealthwatch-cloud/products-installation-guides-list.html#pcm

It's B From the book SCOR 350-701: Stealthwatch Cloud is a Software as a Service (SaaS) cloud solution. You can use Stealthwatch Cloud to monitor many different public cloud environments, such as Amazon’s AWS, Google Cloud Platform, and Microsoft Azure. All of these cloud providers support their own implementation of NetFlow: ■■ In Amazon AWS, the equivalent of NetFlow is called VPC Flow Logs. You can obtain detailed information about VPC Flow Logs in AWS at https://docs.aws.amazon.com/ vpc/latest/userguide/flow-logs.html. ■■ Google Cloud Platform also supports VPC Flow Logs (or Google-branded GPC Flow Logs). You can obtain detailed information about VPC Flow Logs in Google Cloud Platform at https://cloud.google.com/vpc/docs/using-flow-logs. ■■ In Microsoft’s Azure, traffic flows are collected in Network Security Group (NSG) flow logs. NSG flow logs are a feature of Network Watcher. You can obtain additional information about Azure’s NSG flow logs and Network Watcher at https://docs.microsoft. com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview

Its D https://aws.amazon.com/marketplace/pp/prodview-woiawecmdlezq

Not seeing anything related to PUBLIC CLOUD and vpc

correct answer is b : In AWS environments, Cisco Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs. Deployment can be accomplished in minutes by simply giving Cisco Stealthwatch Cloud read-only access to these VPC flow logs. In addition to VPC flows logs, other AWS telemetry data can also be used. GCP also uses VPC flow logs for rapid deployment and integration. Currently for Microsoft Azure environments, Cisco Stealthwatch Cloud relies first on a Linux-based software appliance, called the Observable Networks Appliance (ONA), and second on a third-party host-based NetFlow exporter such as Ziften or FlowTraq.

Answer is D - Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs