ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-201 All Questions

View all questions & answers for the 350-201 exam
Go to Exam

Exam 350-201 topic 1 question 44 discussion

Actual exam question from Cisco's 350-201
Question #: 44
Topic #: 1
[All 350-201 Questions]


Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with
SMC to identify the malware?

  • A. NetFlow and event data
  • B. event data and syslog data
  • C. SNMP and syslog data
  • D. NetFlow and SNMP
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Bobster02 at July 20, 2021, 12:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
marceus
4 months, 2 weeks ago
Selected Answer: A
ChatGPT: NetFlow and event data are the most relevant telemetry feeds to correlate with Cisco Secure Network Analytics (Stealthwatch) and ISE to identify malware-infected endpoints and trigger actions such as quarantine. These feeds provide comprehensive insights into both traffic patterns and security events.
upvoted 1 times
...
shilp21
7 months, 3 weeks ago
A is correct
upvoted 1 times
...
jay_c_an
1 year, 1 month ago
Answer A. Exclude any answers with SNMP. https://www.infosim.net/stablenet/blog/the-similarities-and-differences-between-snmp-and-telemetry/#:~:text=SNMP%20uses%20the%20polling%20method,a%20flow%2Dcontrolled%20transport%20layer.
upvoted 1 times
...
DrVoIP
1 year, 4 months ago
A. NetFlow and event data -ChatGPT
upvoted 1 times
...
TOLU1985
1 year, 9 months ago
Selected Answer: D
D https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html
upvoted 1 times
...
dats
1 year, 9 months ago
I think A is correct. https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html The Flow Collector collects and stores enterprise telemetry types such as NetFlow, IPFIX (Internet Protocol Flow Information Export), NVM, and SYSLOG from existing infrastructure https://www.rapid7.com/blog/post/2017/05/24/what-is-syslog/ Syslog has been around for a number of decades and provides a protocol used for transporting event messages between computer systems and software applications. Syslog is used to send "event data"
upvoted 1 times
...
gsmith7
2 years, 1 month ago
I would go with Answer "B" on the following bases: Syslog Data = the only data which are valuable from NAD (Switch - 802.1x) Event Data = NetFlow "NetFlow and syslog data" would have been a correct answer if included to the answers... The answers are clearly trying to confuse the candidate. Classic Cisco...
upvoted 3 times
...
CiscoTester
2 years, 7 months ago
SMC and FC only communicate over 443 (must mean "Event Data"), the NETFLOW* data is not actually being sent to SMC for correlation. SNMP is not telemetry. SMC can receive Syslog from external sources, and of course the event data, meaning netflow telemetry queried from the FC and/or Threat Intel sources. The keywork is telemetry..... Answer is B
upvoted 4 times
...
Bobster02
2 years, 11 months ago
Correction: Correct Answer is D: NetFlow and SNMP https://www.ciscopress.com/articles/article.asp?p=791595&seqNum=2
upvoted 3 times
...
Bobster02
2 years, 11 months ago
Correct Answer is A Telemetry Tools After all information is collected from the network (packet captures, NetFlow, logs), suspicious activity can be identified by analyzing the information. There are many vendors that can aggregate and process all the available data to assess the security of the network. Some, but not all, of these tools are available from Splunk, Lancope, Plixer, and SolarWinds. All these can collect and analyze NetFlow in meaningful ways. https://tools.cisco.com/security/center/resources/network_integrity_monitoring.html#8
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel