SCOR Q1-50

Which functions of an SDN architecture require southbound APIs to enable communication?. SDN controller and the network elements. management console and the SDN controller. management console and the cloud. SDN controller and the cloud.

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?. SDN controller and the cloud. management console and the SDN controller. management console and the cloud. SDN controller and the management solution.

What is a feature of the open platform capabilities of Cisco DNA Center?. application adapters. domain integration. intent-based APIs. automation adapters.

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?. create an SNMP pull mechanism for managing AMP. gather network telemetry information from AMP for endpoints. get the process and PID information from the computers in the network. gather the network interface information about the computers AMP sees.

Which form of attack is launched using botnets?. TCP flood. DDoS. DoS. virus.

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?. smurf. distributed denial of service. cross-site scripting. rootkit exploit.

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?. user input validation in a web page or web application. Linux and Windows operating systems. database. web page images.

What is the difference between deceptive phishing and spear phishing?. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role. A spear phishing campaign is aimed at a specific person versus a group of people. Spear phishing is when the attack is aimed at the C-level executives of an organization. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Which attack is commonly associated with C and C++ programming languages?. cross-site scripting. water holing. DDoS. buffer overflow.

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.). put. options. get. push. connect.

Which two behavioral patterns characterize a ping of death attack? (Choose two.). The attack is fragmented into groups of 16 octets before transmission. The attack is fragmented into groups of 8 octets before transmission. Short synchronized bursts of traffic are used to disrupt TCP connections. Malformed packets are used to crash systems. Publicly accessible DNS servers are typically used to execute the attack.

How is DNS tunneling used to exfiltrate data out of a corporate network?. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

Which type of attack is social engineering?. trojan. MITM. phishing. malware.

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?. man-in-the-middle. LDAP injection. insecure API. cross-site scripting.

How does Cisco Advanced Phishing Protection protect users?. It utilizes sensors that send messages securely. It uses machine learning and real-time behavior analytics. It validates the sender by using DKIM. It determines which identities are perceived by the sender.

How does DNS Tunneling exfiltrate data?. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. An attacker opens a reverse DNS shell to get into the client's system and install malware on it. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs in the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?. unencrypted links for traffic. weak passwords for authentication. improper file security. software bugs on applications.

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?. SYN flood. slowloris. phishing. pharming.

Which threat involves software being used to gain unauthorized access to a computer system?. ping of death. HTTP flood. NTP amplification. virus.

Which algorithm provides encryption and authentication for data plane communication?. AES-GCM. SHA-96. AES-256. SHA-384.

Which two mechanisms are used to control phishing attacks? (Choose two.). Enable browser alerts for fraudulent websites. Define security group memberships. Revoke expired CRL of the websites. Use antispyware software. Implement email filtering techniques.

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.). Check integer, float, or Boolean string parameters to ensure accurate values. Use prepared statements and parameterized queries. Secure the connection between the web and the app tier. Write SQL code instead of using object-relational mapping libraries. Block SQL code execution in the web application database login.

Which two kinds of attacks are prevented by multifactor authentication? (Choose two.). phishing. brute force. man-in-the-middle. DDoS. tear drop.

What are two rootkit types? (Choose two.). registry. buffer mode. user mode. bootloader. virtual.

What are two DDoS attack categories? (Choose two.). protocol. source-based. database. sequential. volume-based.

Which two preventive measures are used to control cross-site scripting? (Choose two.). Enable client-side scripts on a per-domain basis. Incorporate contextual output encoding/escaping. Disable cookie inspection in the HTML inspection engine. Run untrusted HTML input through an HTML sanitization engine. SameSite cookie attribute should not be used.

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?. STIX. XMPP. pxGrid. SMTP.

Which VPN technology can support a multivendor environment and secure traffic between sites?. SSL VPN. GET VPN. FlexVPN. DMVPN.

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?. DMVPN. FlexVPN. IPsec DVTI. GET VPN.

What is the commonality between DMVPN and FlexVPN technologies?. FlexVPN and DMVPN use the new key management protocol, IKEv2. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes. IOS routers run the same NHRP code for DMVPN and FlexVPN. FlexVPN and DMVPN use the same hashing algorithms.

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?. DTLSv1. TLSv1. TLSv1.1. TLSv1.2.

Which two capabilities does TAXII support? (Choose two.). exchange. pull messaging. binding. correlation. mitigating.

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.). Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device. The IPsec configuration that is set up on the active device must be duplicated on the standby device. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

Drag and drop the capabilities from the left onto the correct technologies on the right. detection, blocking, tracking analysis, and remediation to protect against targated persistent malware attack. superior threat prevention and mitigation for known and unknown threats. application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs. combined integrated solution of strong defense and web protection, visibility, and controlling solutions.

Which two key and block sizes are valid for AES? (Choose two.). 64-bit block size, 112-bit key length. 64-bit block size, 168-bit key length. 128-bit block size, 192-bit key length. 128-bit block size, 256-bit key length. 192-bit block size, 256-bit key length.

Which two descriptions of AES encryption are true? (Choose two.). AES is less secure than 3DES. AES is more secure than 3DES. AES can use a 168-bit key for encryption. AES can use a 256-bit key for encryption. AES encrypts and decrypts a key three times in sequence.

Drag and drop the descriptions from the left onto the correct protocol versions on the right. standard includes NAT-T. uses six packets in main mode to establish phase 1 and phase 2. use four packets to establish phase 1 and phase 2. uses three packets in aggressive mode to establish pahse 1. uses EAP for authenticating remote access clients.

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?. Talos. PSIRT. SCIRT. DEVNET.

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?. Common Vulnerabilities, Exploits and Threats. Common Vulnerabilities and Exposures. Common Exploits and Vulnerabilities. Common Security Exploits.

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.). accounting. assurance. automation. authentication. encryption.

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?. ASDM. NetFlow. API. desktop client.

What is a function of 3DES in reference to cryptography?. It encrypts traffic. It creates one-time use passwords. It hashes files. It generates private keys.

Which two activities can be done using Cisco DNA Center? (Choose two.). DHCP. design. accounting. DNS. provision.

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?. terminal. selfsigned. URL. profile.

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?. southbound API. westbound API. eastbound API. northbound API.

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?. sniffing the packets between the two hosts. sending continuous pings. overflowing the buffer's memory. inserting malicious commands into the database.

What is the function of SDN southbound API protocols?. to allow for the static configuration of control plane applications. to enable the controller to use REST. to enable the controller to make changes. to allow for the dynamic configuration of control plane applications.

Drag and drop the threats from the left onto examples of that threat on the right. DoS/DDoS. insecure APIs. data breach. compromised credentials.

What is the difference between Cross-site Scripting and SQL Injection attacks?. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

Drag and drop the common security threats from the left onto the definitions on the right. phishing. botnet. spam. worm.