Exam 350-701 topic 1 question 226 discussion

Output clearly shows that risky domains (C&C, Malware, Phishing) will be blocked by "Security Settings". Intelligent Proxy (answer C) is configured under the "Advanced settings", which is not visible on the output.

a) Application Settings: NO - Traffic is not handled by application settings as these are not applied. b) Security Settings: NO - It would be logical handle risky domains here, but as the picture shows, no such a thing was set here. For blocking risky domains, you would need to choose Security Settings -> Potentially Harmful Domains. Now we can see that the category for blocking "Potentially Harmful Domains" is not selected. They only selected blocking: Command and Control Callbacks, Malware, and Phishing Attacks, but nothing else. So, Security Settings are not managing risky domains.

The answer is B C is not because you can use umbrella just for dns security.

File analysis enable = intelligent proxy Should be C

check out question 230

C is CORRECT - File analisys only is enabled when intelligent proxy is enable, even not seeing proxy configuration, we can assume that is enabled...

'Risky domain' is a term the documentation use for grey list / Intelligent Proxy. The IP cannot be seen but should be enabled in Advanced Settings.

"Refer to the Exhibit" We can not even see if Intelligent Proxy is enabled. So, it´s B.

Don't overthink it. The question first states "Refer to the exhibit".

https://docs.umbrella.com/deployment-umbrella/docs/manage-intelligent-proxy#:~:text=It%27s%20simple%3A%20Umbrella%20blocks%20those,again%2C%20no%20proxy%20is%20required. On this link Read this whole para: Which clearly states how Umberalla will handle "risky domains" Umbrella's intelligent proxy intercepts and proxies requests for URLs, potentially malicious files, and domain names associated with certain uncategorized or unknown domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access but also pose a risk because of the possibility of hosting malware. Administrators don't want to block access to an unknown domain for all users, but they also don't want your users to access files that could harm their computers or compromise company data.

After going through the document, I change to "C". It is because File Inspection is enabled, and it is an extension of the Intelligent Proxy. https://docs.umbrella.com/deployment-umbrella/docs/file-inspection#:~:text=File%20inspection%20is%20an%20extension%20of%20the%20intelligent%20proxy%E2%80%99s%20scope%20and%20functionality

The question is "Refer to the exhibit". Refer to the exhibit, we do not see any hints for Intelligent Proxy. So the answer should be "B", which the exhibit already mentioned it.

Even though from logical point of view C makes more sense,... look at the Question 230 ... hence against myself I am voting for B 230. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? A. Application Control B. Security Category Blocking C. Content Category Blocking D. File Analysis Correct Answer: B

C It seems the "File Analysis Enabled, File Inspection Enabled" indicates the Intelligent Proxy is enabled, as in order to do file inspection, web traffic needs to be pulled to the proxy server for inspection. Below link shows file inspection is a sub option after Intelligent Proxy is enabled: https://docs.umbrella.com/umbrella-user-guide/docs/enable-the-intelligent-proxy

C https://docs.umbrella.com/deployment-umbrella/docs/manage-intelligent-proxy

Answer is C, as Umbrella Security Settings blocks the URL and protects against phishing while Intelligent Proxy proxies the website and filters the malicious traffic https://docs.umbrella.com/deployment-umbrella/docs/dns-security-categories

I believe the answer is C. Umbrella uses intelligent proxy for risky domains.