This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ]
Export date: Wed Dec 4 8:48:48 2024 / +0000 GMT

Title: 2022 Valid 350-701 Exam Updates - 2022 Study Guide [Q95-Q114]

350-701 Certification - The Ultimate Guide [Updated 2022]

QUESTION 95
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

QUESTION 96
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
- Smurf
- distributed denial of service
- cross-site scripting
- rootkit exploit

Explanation
Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink that contains malicious content. The user will most likely click on this link from another website, an instant message, or while simply reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in hex (or other encoding methods) so that the request looks less suspicious to the user when clicked on.

For example, the code below is written in hex:
    <a href=javascript:alert&#x28'XSS')>Click Here</a>
is equivalent to:
    <a href=javascript:alert('XSS')>Click Here</a>

Note: In the format "&#xhhhh", hhhh is the code point in hexadecimal form.

QUESTION 97
What are two DDoS attack categories?
(Choose two)
- sequential
- protocol
- database
- volume-based
- screen-based

Explanation
There are three basic categories of attack:
+ volume-based attacks, which use high traffic to inundate the network bandwidth
+ protocol attacks, which focus on exploiting server resources
+ application attacks, which focus on web applications and are considered the most sophisticated and serious type of attacks

Reference: https://www.esecurityplanet.com/networks/types-of-ddos-attacks/

QUESTION 98
Which statement about IOS zone-based firewalls is true?
- An unassigned interface can communicate with assigned interfaces.
- Only one interface can be assigned to a zone.
- An interface can be assigned to multiple zones.
- An interface can be assigned only to one zone.

Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

QUESTION 99
Which security solution protects users leveraging DNS-layer security?
- Cisco ISE
- Cisco FTD
- Cisco Umbrella
- Cisco ASA

QUESTION 100
Drag and drop the capabilities from the left onto the correct technologies on the right.

QUESTION 101
Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?
- 1
- 2
- 6
- 31

Explanation
Because MAB uses the MAC address as a username and password, you should make sure that the RADIUS server can differentiate MAB requests from other types of requests for network access. This precaution will prevent other clients from attempting to use a MAC address as a valid credential. Cisco switches uniquely identify MAB requests by setting Attribute 6 (Service-Type) to 10 (Call-Check) in a MAB Access-Request message. Therefore, you can use Attribute 6 to filter MAB requests at the RADIUS server.

QUESTION 102
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
- Smurf
- distributed denial of service
- cross-site scripting
- rootkit exploit

Explanation
Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink that contains malicious content.
The user will most likely click on this link from another website, an instant message, or while simply reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in hex (or other encoding methods) so that the request looks less suspicious to the user when clicked on.

For example, the code below is written in hex:
    <a href=javascript:alert&#x28'XSS')>Click Here</a>
is equivalent to:
    <a href=javascript:alert('XSS')>Click Here</a>

Note: In the format "&#xhhhh", hhhh is the code point in hexadecimal form.

QUESTION 103
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
- LDAP injection
- man-in-the-middle
- cross-site scripting
- insecure API

QUESTION 104
Refer to the exhibit.

    import requests

    url = "https://api.amp.cisco.com/v1/computers"
    headers = {
        "accept": "application/json",
        "content-type": "application/json",
        # Placeholder from the exhibit for the Basic authentication credentials
        "authorization": "Basic API Credentials",
        "cache-control": "no-cache",
    }
    # Send an authenticated GET request to the computers endpoint
    response = requests.request("GET", url, headers=headers)
    # Print the response body returned by the API
    print(response.text)

What will happen when this Python script is run?
- The compromised computers and malware trajectories will be received from Cisco AMP
- The list of computers and their current vulnerabilities will be received from Cisco AMP
- The compromised computers and what compromised them will be received from Cisco AMP
- The list of computers, policies, and connector statuses will be received from Cisco AMP

Explanation
A call to the API at "https://api.amp.cisco.com/v1/computers" fetches the list of computers across your organization that Advanced Malware Protection (AMP) sees.

Reference: api_host=api.apjc.amp.cisco.com&api_resource=Computer&api_version=v1

QUESTION 105
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
- Port
- Rule
- Source
- Application
- Protocol

QUESTION 106
Which two behavioral patterns characterize a ping of death attack?
(Choose two)
- The attack is fragmented into groups of 16 octets before transmission.
- The attack is fragmented into groups of 8 octets before transmission.
- Short synchronized bursts of traffic are used to disrupt TCP connections.
- Malformed packets are used to crash systems.
- Publicly accessible DNS servers are typically used to execute the attack.

Explanation
Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

A correctly formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 bytes including the Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented

Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

QUESTION 107
Refer to the exhibit.
Which type of authentication is in use?
- LDAP authentication for Microsoft Outlook
- POP3 authentication
- SMTP relay server authentication
- external user and relay mail authentication

Explanation
The TLS connections are recorded in the mail logs, along with other significant actions that are related to messages, such as filter actions, anti-virus and anti-spam verdicts, and delivery attempts. If there is a successful TLS connection, there will be a TLS success entry in the mail logs. Likewise, a failed TLS connection produces a TLS failed entry.
If a message does not have an associated TLS entry in the log file, that message was not delivered over a TLS connection.

The exhibit in this question shows a successful TLS connection from the remote host (reception) in the mail log.

QUESTION 108
Drag and drop the security solutions from the left onto the benefits they provide on the right.

QUESTION 109
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
- file access from a different user
- interesting file access
- user login suspicious behavior
- privilege escalation

QUESTION 110
Drag and drop the capabilities from the left onto the correct technologies on the right.

QUESTION 111
Refer to the exhibit.
What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)
- The module is operating in IDS mode.
- The module fails to receive redirected traffic.
- Traffic is blocked if the module fails.
- Traffic continues to flow if the module fails.
- The module is operating in IPS mode.

QUESTION 112
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
- quarantine and alter the subject header with a DLP violation
- deliver and add disclaimer text
- deliver and send copies to other recipients
- quarantine and send a DLP violation notification

QUESTION 113
What are two reasons for implementing a multifactor authentication solution such as Duo Security in an organization? (Choose two.)
- integration with 802.1x security using native Microsoft Windows supplicant
- identification and correction of application vulnerabilities before allowing access to resources
- flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
- secure access to on-premises and cloud applications
- single sign-on access to on-premises and cloud applications

QUESTION 114
What is the recommendation in a zero-trust model before granting access to corporate applications and resources?
- to use multifactor authentication
- to use strong passwords
- to use a wired network, not wireless
- to disconnect from the network when inactive

What Are 350-701 Exam Details?

Cisco doesn't provide many details on how its exams are structured. However, it gives some information that can help the candidate understand what to expect. The 350-701 SCOR exam is also known as Implementing and Operating Cisco Security Core Technologies. The time allotted for students to answer all questions is 120 minutes. The tasks are provided in multiple-choice, multiple-answer, or drag-and-drop formats. Also, the test comes in either English or Japanese. Registering for the Cisco 350-701 exam is very easy.
Candidates will need to enter the Pearson VUE platform and sign up. They will have to follow the instructions provided by the platform and search for the code "350-701" in the "proctored exams" section. The registration will be complete after the candidate pays a fee of $400.

Post date: 2022-06-26 10:44:05
Post date GMT: 2022-06-26 10:44:05
Post modified date: 2022-06-26 10:44:05
Post modified date GMT: 2022-06-26 10:44:05