An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransom ware infection? (Choose two)
A . Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
B . Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.
C . Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
D . Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
E . Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
Answer: A, C
Explanation:
A posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.
In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware.
Latest 350-701 Dumps Valid Version with 327 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund