Cisco Umbrella Policy Management Quiz

Questions and Answers

What determines which categories of security threat Umbrella blocks?

Logging settings

Licensing package

Security category (correct)

Custom integrations

Where can you find information about your current Umbrella package?

Integrations

Admin > Licensing (correct)

Manage Your Logs

Best Practices for Policy Creation

What feature provides DNS-layer visibility and enforcement with the ability to proxy risky domains selectively?

Custom integrations

Policy wizard (correct)

Logging settings

Tag creation

What are tags in the context of Umbrella's policies?

Grouping of roaming computer identities

What kind of information does content categories organize?

Websites into categories based on the type of information served

What appears when an identity attempts to access a destination that is blocked due to a DNS content setting?

An Umbrella block page

Which feature applies to IP Layer Enforcement via the roaming client only?

Adding an IP address to Allow Lists

What does the size of the CIDR notation for the block of IP addresses cannot exceed?

/8

What does File Analysis enable?

$Blocking of malicious files using antivirus and malware protection$

What is required for a feature in the policy that allows adding an IP address or a block of IP addresses?

$Installation of the roaming client on the identities$

Study Notes

Security Threat Categories in Umbrella

• Umbrella blocks security threats based on predefined content categories, which classify various types of websites and domains.
• Categories include malware, phishing, command and control, and other high-risk domains to protect users.

Current Umbrella Package Information

• Information about the current Umbrella package can be found in the Umbrella dashboard, accessible through the admin portal.
• The dashboard provides details about features, licensing, and any active subscriptions.

DNS-Layer Visibility and Enforcement

• The proxy feature allows selective enforcement of risky domains at the DNS layer, providing visibility into potentially harmful network traffic.
• Users can enforce policies on domains that are deemed risky without compromising safety on safe domains.

Tags in Umbrella's Policies

• Tags are labels used in Umbrella policies to categorize users or devices, helping in the application of specific security policies.
• Tags facilitate more granular policy enforcement based on user or device groupings.

Content Categories Organization

• Content categories organize websites and domains into distinct classifications, such as social media, streaming, or adult content, assisting in filtering and policy application.
• This organization aids in understanding traffic patterns and potential security risks associated with specific content types.

Access Denied Notification

• When an identity attempts to access a destination blocked by DNS content settings, a specific block page appears, informing users of the access denial reason.
• The page typically contains links for users to request access or report issues.

IP Layer Enforcement

• The IP Layer Enforcement feature is applicable only to the Umbrella roaming client, allowing enforcement of security policies based on the user’s IP address.
• It enhances security by applying policies regardless of the network the user is connected to.

CIDR Notation Block Size

• The size of CIDR notation for blocking IP addresses must not exceed a specific limit, ensuring efficient management of IP address ranges.
• This limitation prevents overly broad rules that could inadvertently affect other non-targeted addresses.

File Analysis Capability

• File Analysis features enable the inspection of file downloads to detect malware and other security threats before they reach the endpoint.
• This proactive analysis helps in preventing infections caused by malicious files.

Adding IP Addresses in Policies

• To add an IP address or block of addresses in an Umbrella policy, it requires appropriate permissions and configuration within the policy settings.
• Ensuring correct entry and policy alignment is necessary for effective enforcement of added IP restrictions.

Description

Test your knowledge about setting up policies in Cisco Umbrella for DNS-layer visibility, enforcement, and selective domain proxying. Learn how to manage system protection and identities through policies.