The correct answer is B. The Cisco Umbrella roaming client provides an advantage of visibility into IP-based threats by tunneling suspicious IP connections. This allows the client to protect against threats and prevent malware from making connections to attacker-controlled infrastructure, even over non-standard ports.
https://docs.umbrella.com/deployment-umbrella/docs/create-and-apply-policies
Enable IP-Layer Enforcement—For roaming client identities only, tunnels suspect IP connections to gain visibility into threats that bypass DNS lookups. For more information, see Add IP Layer Enforcement.
https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz
and of course.. its eol july 2022 - wasting time studying on dead topics
Leaning toward B rather than C, because:
- less likely to be C, as uncategorized traffic is blocked (NOT dynamically learnt) : https://docs.umbrella.com/umbrella-user-guide/docs/manage-content-categories-for-web-policies
- more likely to be B "Our endpoint footprint simply forwards DNS requests or tunnels to suspicious IP connections to the nearest data center in our global network." https://umbrella.cisco.com/solutions/off-network-endpoint-security
B. Visibility into IP-based threats by tunneling suspicious IP connections.
This ensures that all devices are protected from malicious activity, regardless of their location.
B resonates the most with this statement
These clients protect users from connections to malicious destinations and command-and-control callbacks at the DNS and IP layers, no matter where the device connects to the internet.
https://umbrella.cisco.com/blog/secure-remote-workers-with-the-cisco-umbrella-roaming-client#:~:text=By%20using%20the%20Umbrella%20roaming,devices%20with%20device%2Dlevel%20reporting.
Thank you, found this on the link you provided:
Our endpoint footprint simply forwards DNS requests or tunnels to suspicious IP connections to the nearest data center in our global network. Our simple solution is so powerful because it enables Umbrella to be a virtual “bump-in-the-wire” for every internet connection. We allow good requests. We redirect users to a block page for malicious requests. And we can even proxy connections from risky domains for deeper inspection.
I go with B. Based on work experience. Below is some documentation:
https://umbrella.cisco.com/blog/opendns-adds-ip-layer-enforcement-umbrella
IP layer enforcement works by checking traffic against a comprehensive list of suspect IP addresses from an OpenDNS threat intelligence database in realtime. If traffic from an endpoint matches an IP from the suspect list, it injects a route to OpenDNS servers and blocks the connection if it is malicious.
Function you are talking about is inteligent proxy, not roamin client
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Tuxzinator
Highly Voted 2 years, 2 months agoluismg
Most Recent 7 months, 2 weeks agoiluvmicrosoft
1 year agojku2cya
1 year, 9 months agoPrzemol
1 year, 10 months agoJessie45785
2 years agoachille5
2 years, 2 months agoachille5
2 years, 2 months agojienBoq
2 years, 3 months agoCCNP21
2 years, 3 months agodavezz
2 years, 2 months agowest33637
2 years, 3 months agoEmlia1
2 years, 4 months agotesttaker13
2 years, 7 months agoInitial14
2 years, 6 months ago