Design security services
Questions derived from the 640-863 – Designing for Cisco Internetwork Solutions Exam Cisco Self-Test Software Practice Test.
Objective: Design security services
SubObjective: Identify Cisco technologies to mitigate security vulnerabilities
Item Number: 640-8220.127.116.11
Single Answer, Multiple Choice
Which of the following is used for infection containment during the threat detection and mitigation process?
- Cisco Security Agent
- Cisco Intrusion Detection System (IDS)
- Cisco PIX firewall
- Cisco Intrusion Prevention System (IPS)
C. Cisco PIX firewall
Cisco PIX firewall is used for infection containment during the threat detection and mitigation process. This is accomplished by dividing the network into security zone segments. The firewall provides security at the network perimeter, but network monitoring is required to protect against potential threats. According to the Cisco Self-Defending Network (SDN) architecture, NAC is also used in the perimeter to achieve policy-based admission control.
The option Cisco Security Agent is incorrect because it is used for providing endpoint protection in the network.
The option Cisco IDS is incorrect because it is used to ensure application security in the network.
The option Cisco IPS is incorrect because it provides Inline IPS and anomaly detection.
CCDA Official Exam Certification Guide, Chapter 14: Security Technologies and design, Detecting and Mitigating Threats, pp. 474-475.