Exam 350-201 topic 1 question 44 discussion

ChatGPT: NetFlow and event data are the most relevant telemetry feeds to correlate with Cisco Secure Network Analytics (Stealthwatch) and ISE to identify malware-infected endpoints and trigger actions such as quarantine. These feeds provide comprehensive insights into both traffic patterns and security events.

A is correct

Answer A. Exclude any answers with SNMP. https://www.infosim.net/stablenet/blog/the-similarities-and-differences-between-snmp-and-telemetry/#:~:text=SNMP%20uses%20the%20polling%20method,a%20flow%2Dcontrolled%20transport%20layer.

A. NetFlow and event data -ChatGPT

D https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html

I think A is correct. https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html The Flow Collector collects and stores enterprise telemetry types such as NetFlow, IPFIX (Internet Protocol Flow Information Export), NVM, and SYSLOG from existing infrastructure https://www.rapid7.com/blog/post/2017/05/24/what-is-syslog/ Syslog has been around for a number of decades and provides a protocol used for transporting event messages between computer systems and software applications. Syslog is used to send "event data"

I would go with Answer "B" on the following bases: Syslog Data = the only data which are valuable from NAD (Switch - 802.1x) Event Data = NetFlow "NetFlow and syslog data" would have been a correct answer if included to the answers... The answers are clearly trying to confuse the candidate. Classic Cisco...

SMC and FC only communicate over 443 (must mean "Event Data"), the NETFLOW* data is not actually being sent to SMC for correlation. SNMP is not telemetry. SMC can receive Syslog from external sources, and of course the event data, meaning netflow telemetry queried from the FC and/or Threat Intel sources. The keywork is telemetry..... Answer is B

Correction: Correct Answer is D: NetFlow and SNMP https://www.ciscopress.com/articles/article.asp?p=791595&seqNum=2

Correct Answer is A Telemetry Tools After all information is collected from the network (packet captures, NetFlow, logs), suspicious activity can be identified by analyzing the information. There are many vendors that can aggregate and process all the available data to assess the security of the network. Some, but not all, of these tools are available from Splunk, Lancope, Plixer, and SolarWinds. All these can collect and analyze NetFlow in meaningful ways. https://tools.cisco.com/security/center/resources/network_integrity_monitoring.html#8