cisco 350-701 practice test
Implementing and Operating Cisco Security Core Technologies
Last exam update: Apr 18 ,2024
Question 1
Topic 1
Topic 1
Which functions of an SDN architecture require southbound APIs to enable communication?
-
A. SDN controller and the network elements
-
B. management console and the SDN controller
-
C. management console and the cloud
-
D. SDN controller and the cloud
Question 2
Topic 1
Topic 1
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
-
A. put
-
B. options
-
C. get
-
D. push
-
E. connect
Answer:
A C
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html
Question 3
Topic 1
Topic 1
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a
network?
-
A. SDN controller and the cloud
-
B. management console and the SDN controller
-
C. management console and the cloud
-
D. SDN controller and the management solution
Question 4
Topic 1
Topic 1
What is a feature of the open platform capabilities of Cisco DNA Center?
-
A. application adapters
-
B. domain integration
-
C. intent-based APIs
-
D. automation adapters
Question 5
Topic 1
Topic 1
Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
-
A. create an SNMP pull mechanism for managing AMP
-
B. gather network telemetry information from AMP for endpoints
-
C. get the process and PID information from the computers in the network
-
D. gather the network interface information about the computers AMP sees
Question 6
Topic 1
Topic 1
Which form of attack is launched using botnets?
-
A. TCP flood
-
B. DDOS
-
C. DOS
-
D. virus
Question 7
Topic 1
Topic 1
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
-
A. smurf
-
B. distributed denial of service
-
C. cross-site scripting
-
D. rootkit exploit
Question 8
Topic 1
Topic 1
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
-
A. user input validation in a web page or web application
-
B. Linux and Windows operating systems
-
C. database
-
D. web page images
Answer:
C
Explanation:
Reference: https://tools.cisco.com/security/center/resources/sql_injection
Question 9
Topic 1
Topic 1
What is the difference between deceptive phishing and spear phishing?
-
A. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
-
B. A spear phishing campaign is aimed at a specific person versus a group of people.
-
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
-
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Question 10
Topic 1
Topic 1
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
-
A. The attack is fragmented into groups of 16 octets before transmission.
-
B. The attack is fragmented into groups of 8 octets before transmission.
-
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
-
D. Malformed packets are used to crash systems.
-
E. Publicly accessible DNS servers are typically used to execute the attack.
Answer:
B D
Explanation:
Reference: https://en.wikipedia.org/wiki/Ping_of_death
Question 11
Topic 1
Topic 1
Which two mechanisms are used to control phishing attacks? (Choose two.)
-
A. Enable browser alerts for fraudulent websites.
-
B. Define security group memberships.
-
C. Revoke expired CRL of the websites.
-
D. Use antispyware software.
-
E. Implement email filtering techniques.
Question 12
Topic 1
Topic 1
Which attack is commonly associated with C and C++ programming languages?
-
A. cross-site scripting
-
B. water holing
-
C. DDoS
-
D. buffer overflow
Answer:
D
Explanation:
Reference: https://en.wikipedia.org/wiki/Buffer_overflow
Question 13
Topic 1
Topic 1
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
-
A. Check integer, float, or Boolean string parameters to ensure accurate values.
-
B. Use prepared statements and parameterized queries.
-
C. Secure the connection between the web and the app tier.
-
D. Write SQL code instead of using object-relational mapping libraries.
-
E. Block SQL code execution in the web application database login.
Answer:
A B
Explanation:
Reference: https://en.wikipedia.org/wiki/SQL_injection
Question 14
Topic 1
Topic 1
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
-
A. phishing
-
B. brute force
-
C. man-in-the-middle
-
D. DDOS
-
E. tear drop
Question 15
Topic 1
Topic 1
What are two rootkit types? (Choose two.)
-
A. registry
-
B. buffer mode
-
C. user mode
-
D. bootloader
-
E. virtual