Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains?
Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains?
Cisco Umbrella handles risky domains by blocking them through the configured security settings. The exhibit explicitly indicates that the security settings applied to the policy will block command and control callbacks, malware, and phishing attacks. Although the intelligent proxy could be inferred due to file inspection being enabled, the exhibit does not provide explicit evidence of its configuration. Hence, based on the information available from the exhibit, the security setting is responsible for managing and blocking traffic directed toward risky domains.
Output clearly shows that risky domains (C&C, Malware, Phishing) will be blocked by "Security Settings". Intelligent Proxy (answer C) is configured under the "Advanced settings", which is not visible on the output.
File analyzer require intelligent proxy to be enabled
C is CORRECT - File analisys only is enabled when intelligent proxy is enable, even not seeing proxy configuration, we can assume that is enabled...
C It seems the "File Analysis Enabled, File Inspection Enabled" indicates the Intelligent Proxy is enabled, as in order to do file inspection, web traffic needs to be pulled to the proxy server for inspection. Below link shows file inspection is a sub option after Intelligent Proxy is enabled: https://docs.umbrella.com/umbrella-user-guide/docs/enable-the-intelligent-proxy
File analysis enable = intelligent proxy Should be C
https://docs.umbrella.com/deployment-umbrella/docs/manage-intelligent-proxy#:~:text=It%27s%20simple%3A%20Umbrella%20blocks%20those,again%2C%20no%20proxy%20is%20required. On this link Read this whole para: Which clearly states how Umberalla will handle "risky domains" Umbrella's intelligent proxy intercepts and proxies requests for URLs, potentially malicious files, and domain names associated with certain uncategorized or unknown domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access but also pose a risk because of the possibility of hosting malware. Administrators don't want to block access to an unknown domain for all users, but they also don't want your users to access files that could harm their computers or compromise company data.
After going through the document, I change to "C". It is because File Inspection is enabled, and it is an extension of the Intelligent Proxy. https://docs.umbrella.com/deployment-umbrella/docs/file-inspection#:~:text=File%20inspection%20is%20an%20extension%20of%20the%20intelligent%20proxy%E2%80%99s%20scope%20and%20functionality
C IS Right The list of unknown domains is comprised of domains that host both malicious and safe content—we consider these “risky” domains. These sites often allow users to upload and share content—making them difficult to police, even for site administrators. There's no reason to proxy requests to domains that are already known to be safe or bad. Umbrella’s intelligent proxy only routes the requests for risky domains for deeper inspection. Note: Umbrella does not proxy traffic on non-standard ports for web traffic.
check out question 230
'Risky domain' is a term the documentation use for grey list / Intelligent Proxy. The IP cannot be seen but should be enabled in Advanced Settings.
"Refer to the Exhibit" We can not even see if Intelligent Proxy is enabled. So, it´s B.
Don't overthink it. The question first states "Refer to the exhibit".
The question is "Refer to the exhibit". Refer to the exhibit, we do not see any hints for Intelligent Proxy. So the answer should be "B", which the exhibit already mentioned it.
Even though from logical point of view C makes more sense,... look at the Question 230 ... hence against myself I am voting for B 230. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? A. Application Control B. Security Category Blocking C. Content Category Blocking D. File Analysis Correct Answer: B
I got the same answer as you, but after reviewing the word clearly, question 230 said "when the domain host malware, command and control ...", those domains are already confirmed "bad", so it can use Security Category Blocking. But in here, the File Inspection is enabled AND the question said "risky", which is the grey list. So I believe answer here is C.
I agree with you that we are talking about the grey list so intelligent proxy is needed
C https://docs.umbrella.com/deployment-umbrella/docs/manage-intelligent-proxy
Answer is C, as Umbrella Security Settings blocks the URL and protects against phishing while Intelligent Proxy proxies the website and filters the malicious traffic https://docs.umbrella.com/deployment-umbrella/docs/dns-security-categories
I believe the answer is C. Umbrella uses intelligent proxy for risky domains.
B is correct