PrepAway - Latest Free Exam Questions & Answers

You deploy a Cisco NGIPSv device with the included Control license and Protection license.

You deploy a Cisco NGIPSv device with the included Control license and Protection license.

Which feature cannot be enabled by this combination of licenses?

A. Security Intelligence filtering

B. AMP for Networks

C. intrusion detection and prevention

D. user and application control

E. file control

Explanation:
Cisco Advanced Malware Protection (AMP) for Networks cannot be enabled with the combination of licenses in this scenario. Cisco AMP for Networks is enabled on a Cisco Next-Generation IPS virtual (NGIPSv) appliance by a Malware license, not a Protection license. The NGIPSv is a virtual intrusion prevention system (IPS) appliance that runs on VMware. The capabilities of the NGIPSv depend on the licenses that are enabled on the appliance.

AMP is a cloud-based technology that conducts malware analysis that is less limited in scope than malware-scanning products. AMP contains features that attempt to prevent infection from known and emerging threats by using information from Cisco Talos, a threat intelligence system, and Cisco Threat Grid, a file analysis system. In addition, Cisco AMP uses a file reputation system to validate nonmalware and a retrospective system to identify potential compromise.

Intrusion detection and prevention, file control, and Cisco Security Intelligence filtering are enabled if you deploy a Cisco NGIPSv appliance with a Protection license. A Protection license is included with the appliance. This license enables IPS and intrusion detection system (IDS) features along with file control. Cisco Security Intelligence is a security infrastructure that provides threat identification, analysis, and mitigation. When Cisco Security Intelligence filtering is enabled, the NGIPSv appliance relies on Cisco Security Intelligence to detect and filter malicious traffic.

User and application control is enabled on an NGIPSv appliance by a Control license. However, the Control license must be combined with a Protection license in order for that feature to become available. Like a Protection license, a Control license is included with the NGIPSv appliance. User and application control adds conditions to access control rules. If the Control license is not added to an NGIPSv device, you can still add user and application conditions to access control rules. However, those rules cannot be deployed to the device.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Licensing_the_Firepower_System.html#ID-2240-00000035


Leave a Reply