📅 CCNP Cloud Security (SCAZT 300-740)
🗓️ Duration: 2 Months
📚 Schedule: 3 Days Per Week
🕒 Session Length: 90 Minutes
💡 Total Sessions: 24
⏳ Study Hours: 30
Describe the components of the Cisco Security Reference Architecture
Threat intelligence
Security operations toolset
User/device security
Network security: cloud edge and on-premises
Workload, application, and data security
Describe use cases and the recommended capabilities within an integrated architecture
Common identity
Converged multicloud policy
SASE integrations
Zero-trust network access
Describe industry security frameworks such as NIST, CISA, and DISA
Describe the SAFE architectural framework
Describe the SAFE Key structure
Places in the Network
Secure Domains
Implement user and device authentication via identity certificates
Implement multifactor authentication for users and devices
Implement endpoint posture policies for user access to resources
Configure SAML/SSO and OIDC using an identity provider connection
Configure user and device trust using SAML authentication for a mobile or web application
Determine security policies for endpoints to control access to cloud applications
URL filtering (web layer and DNS layer)
Advanced app control
Network protocol blocking such as FTP and BitTorrent
Direct-internet-access for trusted business applications
Web application firewall
Reverse proxy
Determine security policies for endpoints to control access to SaaS applications such as Office 365, Workday, and Salesforce
Determine security policies for remote users using VPN or application-based
Determine security policies for network security edge to enforce application policy
Security services edge
Cisco Secure Firewall (FTD and ASA)
Describe the MITRE ATT&CK framework and attacker defense mitigation techniques
Describe cloud security attack tactics and mitigation strategies
Describe how web application firewalls protect against DDoS attacks
Determine security policies for application enforcement using Cisco Secure Workload and enforcement agents
Lateral movement prevention
Microsegmentation
Determine cloud (hybrid and multicloud) platform security policies based on application connectivity requirements (third-party providers such as AWS, Azure, and Google Cloud)
Describe the Cisco XDR solution
Describe use cases for visibility and assurance automation
Describe benefits and capabilities of visibility and logging tools such as SIEM, Open Telemetry, and Cisco Secure Network Analytics
Validate traffic flow and telemetry reports for baseline and compliance behavior analysis
Diagnose issues with user application and workload access
Cisco Secure Network Analytics
Cisco Secure Cloud Analytics
Cisco Secure Cloud Insights
Cisco Secure Analytics and Logging
Verify user access to applications and data using tools (firewall logs, Duo, Umbrella, and Cisco Secure Workload)
Analyze application dependencies using tools such as firewall logs and Cisco Secure Workload
Describe use cases for response automation
Determine actions based on telemetry reports
Determine policies based on security audit reports
Determine action based on user or application compromise
Contain
Report
Remediate
Reinstantiate