Cisco Certified Internetwork Expert (CCIE) Practice Test

Which three types of addresses can the Botnet Filter feature of the Cisco ASA monitor? (Choose three)

• A. Known allowed addresses
• B. Dynamic addresses
• C. Internal addresses
• D. Ambiguous addresses

The correct answer is: Known allowed addresses

The Botnet Filter feature of the Cisco ASA is designed to enhance security by monitoring addresses that may indicate malicious activity or connections to botnets. Among the types of addresses that the Botnet Filter can monitor, known allowed addresses play a significant role. Known allowed addresses refer to IP addresses or domain names that are recognized and trusted by the organization. The Botnet Filter maintains a list of these addresses, allowing it to focus on monitoring traffic to and from these sources. By analyzing connections involving known allowed addresses, the feature can identify any unusual or suspicious behavior that may indicate a compromise or communication with potentially harmful entities. This capability is crucial for distinguishing between regular traffic and malicious attempts to exploit the network. The other types of addresses, while relevant to network security in broader contexts, do not specifically pertain to the core monitoring capabilities of the Botnet Filter. Dynamic addresses typically refer to IP addresses that change frequently and can be harder to correlate with persistent botnet behavior. Internal addresses refer to the addresses used within an organization's network, which may not be relevant for monitoring external botnet communications. Ambiguous addresses are inherently unclear in terms of classification, making them less suitable for focused monitoring strategies employed by the Botnet Filter.