Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 163

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue?

Answer options

• A. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard.
• B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard.
• C. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains.
• D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

Correct answer: D

Explanation

The correct answer is D because setting up a Cisco Umbrella virtual appliance allows the organization to capture and analyze traffic from internal IP addresses, resolving the issue of only seeing public IP requests. Options A, B, and C do not provide a solution to the visibility problem concerning internal IP addresses, as they focus on directory integration or policy creation without addressing the traffic routing.