we will showcase Cisco Threat Intelligence Director (CTID) an exciting feature on Cisco’s Firepower
Management Center (FMC) product offering that automates the operationalization of threat intelligence. TID
has the ability to consume threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and
simple blacklists.
Reference: https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligencedirector - Answer B Consumption
The correct answer is B. Consumption.
Cisco Firepower is a security solution that provides threat detection, prevention, and response capabilities for networks. One of the key features of Firepower is its integration with Cisco Talos, a global threat intelligence organization that provides real-time information on the latest security threats and vulnerabilities.
When Firepower downloads threat intelligence updates from Talos, this process is called consumption. Firepower uses this information to update its own threat intelligence database and to identify and block any new threats that may be present on the network.
Authoring refers to the process of creating or writing security rules and policies for a network. Sharing refers to the ability to share threat intelligence and other security information with other organizations or security solutions. Analysis refers to the process of examining and interpreting security data to identify potential threats or vulnerabilities.
The answer is consumption (B) - https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligence-director
"TID has the ability to consume threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and simple blacklists"
"Cisco Talos Intelligence Group (Talos) feeds—Talos provides access to regularly updated security intelligence feeds. Sites representing security threats such as malware, spam, botnets, and phishing appear and disappear faster than you can update and deploy custom configurations. The system downloads feed updates regularly, and thus new threat intelligence is available without requiring you to redeploy the configuration." - https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-sec-intel.html
While I can't find any reference at all, "sharing" makes more sense to me. Firepower is not consuming anything (yet), but Talos is sharing the intelligence with other devices.
I wonder how Analysis was chosen as the answer. I can not find any good answer online or in the official cert guide. Closest thing is from https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligence-director
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dzef13
Highly Voted 3 years, 5 months agoMarshpillowz
Most Recent 7 months, 2 weeks agoyong08321
1 year, 6 months agohaiderzaid
1 year, 7 months agoEmlia1
1 year, 11 months agofrancojaraba
2 years, 4 months agofrancojaraba
2 years, 4 months agoLaryoul
2 years, 7 months agoefongvan
2 years, 11 months agoSarbi
3 years, 2 months agoSeawanderer
3 years, 4 months agoRaajaa
3 years, 4 months agostatikd
3 years, 5 months agoentitty
3 years, 5 months ago