🃏 SCOR Security Flashcards

Q: What is the difference between IPS and IDS?

A: IPS is inline (blocks attacks). IDS is passive/out-of-band (detects and alerts only).

Q: What is Cisco Umbrella?

A: A cloud-delivered DNS security service that blocks malicious domains before a connection is established.

Q: What is TrustSec?

A: Cisco security framework using SGTs (Security Group Tags) to classify and enforce policy based on identity, not IP addresses.

Q: What is the difference between Transport and Tunnel mode in IPsec?

A: Transport: encrypts only the payload (used for host-to-host). Tunnel: encrypts the entire original packet and adds new IP header (used for site-to-site VPNs).

Q: What is a CASB?

A: Cloud Access Security Broker — sits between users and cloud services to enforce security policies, visibility, compliance, and data protection.

Q: What does Cisco AMP for Endpoints do?

A: Advanced Malware Protection: continuous monitoring, retrospective alerting, file trajectory, sandboxing, and IoC detection on endpoints.

Q: What is 802.1X?

A: Port-based NAC: supplicant (client), authenticator (switch), authentication server (RADIUS/ISE). EAP methods carry credentials.

Q: What is a zero-trust architecture?

A: Never trust, always verify — every access request is authenticated and authorized regardless of network location.

Q: What is pxGrid?

A: Platform Exchange Grid — Cisco ISE shares context (user, device, threat) with partner ecosystem products for coordinated response.

Q: What is the ESA used for?

A: Cisco Secure Email (ESA) — email security appliance that filters spam, phishing, malware, and enforces DLP policies on SMTP traffic.