Exam 350-701 topic 1 question 106 discussion

Answer = B I work with Umbrella and Firepower daily. You can do this with Firepower, Umbrella whole existence is for blocking DNS connections to malicious sites before they are made, and blocking applications from launching on the internal network. For example, our users can't access Pandora, FB, Google Docs while on our internal network based on a policy configured in Umbrella.

A is correct, Firepower has AVC feature that can block traffic based on application.

Acts as a first line of defense, blocking threats before they reach the network or endpoints.

Answer b

I would say is D Umbrella cannot stop ip connections firepower just traffic that goes through it. amp is host ralated, it can block any connection

Block the process right at the beginning, i.e. at the DNS request step, before making a connection to the bad website. - B

Correct answer B. Checked in securitytut

Answer B

Umbrella, is trying to block the start of the conversation with bad websites, why block the application when you know you can block way earlier on the traffic flow?

The solution must be able to block certain applications from being used within the network I really think it is D cause: - NGFW cannot stop it in L2 - Umbrella can block only DNS protocol - what about all the other ones - wont be able to detect it - WSA - proxy will definitely will not help here ... but AMP can block application from being able to start hence cutting it from TCP stack and fulfilling a requirement of "blocking malicious destinations prior to a connection being established" but it is Cisco so you never know :/

It's B, Umbrella can block the connection before firepower L7 application detectors kick in.

I think most of us already get the keywords here "prior to a connection being established" and "within the network". Can I make an example that if there are two internal users, let say User-1 and User-2, within the network, which solution can block the certain application being send from User-1 to User-2?

This is a tricky one, the question is weird because the keywords are "prior to a connection being established" and "must be able to block certain applications". It is true that Umbrella blocks the DNS traffic so that it does that take care of "prior to a connection being established". However, Umbrella does not block the application itself just the DNS traffic, so if the application does not utilize DNS and is IP based, it will not block anything, Firepower on the other hand can block the applications and with a "Block with Reset" it does not allow any connection to be established. Also, both can block based on malicious destination. I will still go with B though.

A is correct a firewall will block certain applications that might already be on the network.

Prior to a connection being established - This is classic Umbrella - DNS security is first line of defence.

The answer is B. Cisco Umbrella. Cisco Umbrella is a cloud-based security solution that provides advanced threat protection and blocks malicious destinations before a connection is established. It uses DNS-layer security to block requests to known malicious domains and IPs, and it also has the capability to block certain applications from being used within the network. By implementing Cisco Umbrella, the organization can improve their defense in depth by preventing malicious traffic from entering the network, thus reducing the risk of a successful cyber attack.

I think A is the Cisco's correct answer. the question asks "within the network". Umbrella would do on and off the network/app blocking. Similarily, firepower can do network/app block for the network. Umbrella would be a overkill for a "organization". https://community.cisco.com/t5/network-security/firepower-or-umbrella-for-blocking-urls-applications-ip/td-p/4430076