Chapter 3 - Building a Security Strategy Flashcards Preview

Flashcards in Chapter 3 - Building a Security Strategy Deck (13):
1

What is a Borderless End Zone?

This is where devices connect to the network. Malware, viruses, and malicious software are a big concern. NAC and ISE can be used to interrogate devices before they are allowed onto the network.

2

What is a Borderless Data Center?

This is typically a cloud-driven business environment that could provide services. ASAs and IPS are used to protect network resources here.

3

What is a Borderless Internet?

Basically, the entire Internet.

4

What is a Policy Management Point?

Enterprise tools that allow implementation of security measures across the entire network. 

Cisco Security Manager (CSM) and Cisco Access Control Server (ACS) are examples of these tools.

5

What is NAC?

Network Admissions Control

6

What is ISE?

Identity Services Engine.

7

What is CSM?

Cisco Security Manager

8

What is ACS?

Cisco Access Control Server

9

What is "context-aware" security?

Security enforcement that involves the observation of users and roles in addition to interface-based controls. 

Ex: An Access Control Server (ACS) that allows an admin full rights when logged in from inside the network, but allows restricted access via remote device or smartphone.

10

What is SecureX?

This is Cisco's security framework to establish and enforce security policies across a distributed network.

11

What is Security Intelligence Operations (SIO)?

SIO is a cloud-based service managed by Cisco. It identifies and correlates real-time threats so that customers can leverage this information to better protect their networks. (Learn about a new attack so you can better protect your network before it hits.)

12


What is TrustSec?


TrustSec is part of the Cisco SecureX security architecture strategy. Its idea is to create "a distributed access policy enforcement mechanism". It may use encryption to provide confidentiality.

Its main goal is to provide end-to-end security based on who, what, where, and how users are connected to the network.

Actual tools used for TrustSec are:

ISE, NAC, and AAA

13


What is a Security Group Tag?


Security Group Tags (SGTs)

Once a device is authenticated, Cisco TrustSec tags any packet that originates from that device with a security group tag (SGT) that contains the security group number of the device. The packet carries this SGT throughout the network within the Cisco TrustSec header. The SGT is a single label that determines the privileges of the source within the entire enterprise.