Exam 200-901 topic 1 question 137 discussion

Cisco Umbrella is a Domain Name System (DNS)-based security mechanism that can provide common security for both on-premises and off-premises to provide endpoint security. Cisco Umbrella on-premises deployments do not require an agent to be installed on the endpoint. The firewall is good for blocking inbound threats, but consider threats that originate inside the network. These threats cannot be stopped by perimeter security because they are already behind the firewall. Cisco Umbrella can block client connections at the application layer, regardless of network connection or perimeter security, by preventing the client from resolving DNS for the remote destination. If the client cannot resolve DNS for the remote destination, it cannot establish a connection and download the malware. Cisco Umbrella can be used to prevent connections to malicious websites or to websites that violate corporate security policy.

Definitely Umbrella

KeyWord = domain Umbrella blocks access to malicious domains, URLs, IPs, and files. The system looks at the nature of any DNS requests and takes an action based on its threat intelligence, which is a large-scale repository of historical data about threats. In turn, Umbrella is building models that classify requests so that you build on its threat intelligence. These requests can be safe and allowed, malicious and blocked, or deemed "risky" and sent to a proxy for deeper inspection.

I think it should be C - Umbrella but I think Firepower can also do that sort of deny action

Umbrella works with URLs and Firepower with ACLs. https://developer.cisco.com/docs/cloud-security/#!enforcement-introduction-overview/overview

Why not Umbrella?