Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?
A. B. C. D. E.
Answer: E.
When implementing botnet traffic filtering on a Cisco ASA appliance, option E, DNS inspection and DNS snooping, must be enabled.
Botnets are networks of compromised computers that are controlled by cybercriminals to perform malicious activities such as distributed denial-of-service (DDoS) attacks, spamming, or stealing sensitive information. Botnet traffic filtering is a security mechanism that helps to detect and block botnet-related traffic from entering or leaving an organization's network.
DNS inspection and DNS snooping are two features on the Cisco ASA appliance that can be used to implement botnet traffic filtering.
DNS inspection is a feature that allows the ASA appliance to monitor DNS traffic and enforce security policies based on the DNS queries and responses. With DNS inspection, the ASA appliance can detect and block DNS queries and responses that are associated with known botnets.
DNS snooping is a feature that allows the ASA appliance to inspect the DNS queries and responses that are passing through the firewall. DNS snooping enables the ASA appliance to create a mapping between the IP addresses and domain names of the devices in the network. This mapping can be used to identify botnet-related traffic and block it.
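As an added example (not part of the original page), this is how DNS inspection with DNS snooping is typically turned on for the Botnet Traffic Filter in the ASA CLI. The class-map and policy-map names and the interface name `outside` are assumptions; `preset_dns_map` is the ASA's default DNS inspection map.

```cisco
! Added example: class-map/policy-map names and the interface name "outside"
! are assumptions chosen for illustration.

! Download and use the dynamic database of known-bad names and addresses.
dynamic-filter updater-client enable
dynamic-filter use-database

! Match DNS traffic on the Internet-facing interface.
class-map dynamic-filter_snoop_class
 match port udp eq domain

! DNS inspection with DNS snooping: the dynamic-filter-snoop keyword makes the
! ASA record the name-to-IP answers it sees so later connections to those
! addresses can be matched against the database.
policy-map dynamic-filter_snoop_policy
 class dynamic-filter_snoop_class
  inspect dns preset_dns_map dynamic-filter-snoop
service-policy dynamic-filter_snoop_policy interface outside

! Classify traffic on that interface, then drop what matches the blacklist.
dynamic-filter enable interface outside
dynamic-filter drop blacklist interface outside
```

`show dynamic-filter dns-snoop detail` lists the snooped name-to-IP entries, which confirms that snooping is active on the inspected traffic.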
Option A: HTTP inspection is a feature on the ASA appliance that inspects and modifies HTTP traffic. HTTP inspection is useful for enforcing security policies related to web traffic, but it is not directly related to botnet traffic filtering.
Option B: Static entries in the botnet blacklist and whitelist are lists of known botnet IP addresses and domains that can be manually configured on the ASA appliance. While this can help block known botnet traffic, it requires manual maintenance and may not be effective against new or unknown botnets.
Option C: Global ACL is a feature on the ASA appliance that allows administrators to create access control rules that apply to all interfaces on the firewall. Global ACL can be used to enforce security policies, but it is not specifically designed for botnet traffic filtering.
Option D: NetFlow is a protocol that collects IP traffic information and can be used for network analysis and troubleshooting. While NetFlow can provide useful information for detecting botnet-related traffic, it is not a feature on the ASA appliance that is directly related to botnet traffic filtering.
In summary, DNS inspection and DNS snooping are the options that must be enabled when implementing botnet traffic filtering on the Cisco ASA appliance. These features allow the ASA appliance to detect and block botnet-related traffic based on DNS queries and responses.