An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?
Stealthwatch is a network traffic monitoring and analysis tool that provides visibility into network behavior and detects anomalies and threats. It can collect and analyze data from a variety of sources, including network devices, servers, and applications, and generate alerts and reports based on predefined rules and machine learning algorithms.
In this case, the engineer can configure Stealthwatch to collect logs from the proxy server and analyze the data to identify any suspicious or malicious activity. Stealthwatch can also correlate the logs with other network data to provide a more comprehensive view of the network and detect advanced threats that may be hiding in the noise.
Firepower, Email Security Appliance, and Web Security Appliance are security technologies that can provide additional layers of protection for specific types of traffic, but they are not designed for network monitoring and analysis like Stealthwatch.
The best answer is C. The Web Security Appliance (WSA) is designed to filter web traffic and enforce corporate security policies. It can also generate logs and alerts based on the traffic it filters, allowing for event correlation and analysis. Firepower is a network security platform that provides intrusion prevention, advanced malware protection, and URL filtering. The Email Security Appliance (ESA) is designed to protect against email-based threats, including spam, viruses, and phishing attacks. Stealthwatch is a network traffic analysis platform that provides visibility into network behavior and detects anomalous activity. While all of these technologies can generate logs, the WSA is the best choice for generating events based on proxy server traffic.
The answer is C. WSA: fetches logs related to web traffic such as URLs, web requests, and responses. It also collects information about user activity, web applications, and malware threats. WSA is designed to monitor and control web traffic, fetch logs related to web traffic, and generate alerts and events based on certain conditions or criteria.
Stealthwatch: fetches logs related to network traffic such as flow data, NetFlow, and other telemetry data. It also collects information about user and device behavior, network connections, and threat intelligence.
The answer is
WSA: fetches logs related to web traffic such as URLs, web requests, and responses. It also collects information about user activity, web applications, and malware threats.
Stealthwatch: fetches logs related to network traffic such as flow data, NetFlow, and other telemetry data. It also collects information about user and device behavior, network connections, and threat intelligence.
WSA is enough
The technology that the engineer should use to accomplish this task is D. Stealthwatch. Stealthwatch is a network traffic analysis (NTA) tool that provides real-time visibility into network traffic and helps to detect and respond to threats. It can also be used to fetch logs from various network devices and generate actual security events according to the data received. Firepower, Email Security Appliance, and Web Security Appliance are different security technologies that provide various security features such as firewall, intrusion prevention, email security, and web security.
D. is correct
Stealthwatch collects telemetry from every part of the network and applies advanced security analytics to the data. It creates a baseline of normal web and network activity for a network host, and applies context-aware analysis to automatically detect anomalous behaviors.