An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?
A. by creating a URL object in the policy to block the website.
B. Cisco Talos will automatically update the policies.
A. by creating a URL object in the policy to block the website.
Creating a URL object in the policy to block the website is the quickest way to address the issue globally with the least amount of impact. This approach is more targeted and less disruptive than denying all outbound web access or isolating the endpoint. Cisco Talos may eventually update the policies, but it could take some time before the new threat is identified and added to the blacklist.
Does not currently have a bad reputation... Threat Grid could be a good solution - it can check it in a sandbox and set a bad reputation, but it is time-consuming.
Correct is A
A = real-world scenario. As someone who manages these devices, I do answer A on a regular basis. It takes about 3 minutes to implement, is global to the org, and only impacts the malicious site.
When I can do this myself, why in the world would I submit it to Talos and keep my fingers crossed while there is potential for malware to spread throughout my network?
The tricky part is the following: "How will this issue be addressed globally" and "in the quickest way possible" and "with the least amount of impact"
How will this issue be addressed globally - The answer can be B, but
"in the quickest way possible" - The answer will be A
We cannot wait for Talos to do an update because this is not the quickest way.
So I vote for A
Answer is B. You can do a manual submission to Talos and the disposition returned will be updated. Also it says "least amount of impact". Answer A will need to be deployed after you change the policy.
You have a lotta confidence in your answer, given that you are presupposing the exam question writer is expecting the exam taker to make a jump of logic that 1. option B requires manual intervention on the engineer's part, 2. that Talos will update disposition in a timely manner, instead of an hour or two, and meanwhile, connections from your network can still reach the malicious site and spew malware into your environment. Answer is A.
There are four keywords in the question:
Organization, globally, quickest and least amount of impact
Globally means worldwide, if it is referring to internal, it should say organizational
Talos feeds are updated by default every hour. You can change the update frequency.
I would go for B.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-sec-intel.html
Globally doesn't mean worldwide, but instead globally within your company (as opposed to locally - device specific).
Therefore A must be the correct answer.
We can wait a lot until Talos adds URL to DB.
A - better decision.