350-701 Exam Dumps : Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

ExplanationCisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.

Wired 802.1X authentication is a port-based network access control that uses the physical characteristics of the switched LAN infrastructure to authenticate devices attached to a LAN port1. Wired 802.1X authentication requires three components: a supplicant, an authenticator, and an authentication server2. The supplicant is the client device that requests access to the network. The authenticator is the switch port that controls the access to the network based on the authentication result. The authentication server is the server that validates the credentials of the supplicant and sends the authentication result to the authenticator3.

In this question, option A is correct because Cisco Identity Service Engine (ISE) is an example of an authentication server that supports wired 802.1X authentication4. Option C is correct because Cisco Catalyst switch is an example of an authenticator that supports wired 802.1X authentication5. Option B is incorrect because Cisco AnyConnect ISE Posture module is not a supplicant, but a software component that checks the compliance status of the supplicant. Option D is incorrect because Cisco ISE is not an authenticator, but an authentication server. Option E is incorrect because Cisco Prime Infrastructure is not an authentication server, but a network management tool.

References: 1: Wired 802.1X Deployment Guide - Cisco 2: 802.1X Authenticated Wired Access Overview | Microsoft Learn 3: About 802.1X Authentication - Aruba 4: Cisco Identity Services Engine - Products & Services - Cisco 5: Cisco Catalyst 2960-X Series Switches - Products & Services - Cisco : Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 - Configure Posture [Cisco AnyConnect Secure Mobility Client] - Cisco : Cisco Prime Infrastructure - Products & Services - Cisco

The Cisco Identity Services Engine (ISE) posture module provides several actions that ensure endpoint security. Two of these actions are:

• Assignments to endpoint groups are made dynamically, based on endpoint attributes. This means that ISE can assign endpoints to different identity groups or roles, depending on the results of the posture assessment. For example, ISE can assign an endpoint to a compliant group if it meets all the posture requirements, or to a quarantine group if it fails the posture assessment. This allows ISE to enforce granular access policies based on the endpoint’s posture status and attributes, such as operating system, device type, location, etc.
• The latest antivirus updates are applied before access is allowed. This means that ISE can check if the endpoint has the most recent antivirus definitions installed, and if not, it can remediate the endpoint by applying the latest updates. This ensures that the endpoint is protected from the latest malware threats and vulnerabilities, and reduces the risk of infection and compromise.

References:

• Cisco Identity Services Engine Administrator Guide, Release 2.2, Configure Client Posture Policies
• Configuring Posture Policies, Antivirus Compound Condition
• Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security?