350-701: Implementing and Operating Cisco Security Core Technologies Part 1
Question #: 1
Topic #: 1
Which functions of an SDN architecture require southbound APIs to enable communication?
A. SDN controller and the network elements
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the cloud
Selected Answer: A
Question #: 2
Topic #: 1
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
A. put
B. options
C. get
D. push
E. connect
Selected Answer: AC
Question #: 3
Topic #: 1
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
A. SDN controller and the cloud
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the management solution
Selected Answer: D
Question #: 4
Topic #: 1
What is a feature of the open platform capabilities of Cisco DNA Center?
A. application adapters
B. domain integration
C. intent-based APIs
D. automation adapters
Selected Answer: C
Question #: 5
Topic #: 1
Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
A. create an SNMP pull mechanism for managing AMP
B. gather network telemetry information from AMP for endpoints
C. get the process and PID information from the computers in the network
D. gather the network interface information about the computers AMP sees
Selected Answer: D
Question #: 6
Topic #: 1
Which form of attack is launched using botnets?
A. TCP flood
B. DDOS
C. DOS
D. virus
Selected Answer: B
Question #: 7
Topic #: 1
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit
Selected Answer: C
Question #: 8
Topic #: 1
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
Selected Answer: A
Question #: 9
Topic #: 1
What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Selected Answer: B
Question #: 10
Topic #: 1
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
Selected Answer: BD
Question #: 11
Topic #: 1
Which two mechanisms are used to control phishing attacks? (Choose two.)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.
Selected Answer: AE
Question #: 12
Topic #: 1
Which attack is commonly associated with C and C++ programming languages?
A. cross-site scripting
B. water holing
C. DDoS
D. buffer overflow
Selected Answer: D
Question #: 13
Topic #: 1
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
Selected Answer: AB
Question #: 14
Topic #: 1
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
A. phishing
B. brute force
C. man-in-the-middle
D. DDOS
E. tear drop
Selected Answer: AB
Question #: 15
Topic #: 1
What are two rootkit types? (Choose two.)
A. registry
B. buffer mode
C. user mode
D. bootloader
E. virtual
Selected Answer: CD
Question #: 16
Topic #: 1
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks
Selected Answer: B
Question #: 17
Topic #: 1
Which type of attack is social engineering?
A. trojan
B. MITM
C. phishing
D. malware
Selected Answer: C
Question #: 18
Topic #: 1
What are two DDoS attack categories? (Choose two.)
A. protocol
B. source-based
C. database
D. sequential
E. volume-based
Selected Answer: AE
Question #: 19
Topic #: 1
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. man-in-the-middle
B. LDAP injection
C. insecure API
D. cross-site scripting
Selected Answer: A
Question #: 20
Topic #: 1
How does Cisco Advanced Phishing Protection protect users?
A. It utilizes sensors that send messages securely.
B. It uses machine learning and real-time behavior analytics.
C. It validates the sender by using DKIM.
D. It determines which identities are perceived by the sender.
Selected Answer: B
Question #: 21
Topic #: 1
How does DNS Tunneling exfiltrate data?
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.
C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.
Selected Answer: A
Question #: 22
Topic #: 1
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?
A. unencrypted links for traffic
B. weak passwords for authentication
C. improper file security
D. software bugs on applications
Selected Answer: A
Question #: 23
Topic #: 1
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?
A. SYN flood
B. slowloris
C. phishing
D. pharming
Selected Answer: A
Question #: 24
Topic #: 1
Which two preventive measures are used to control cross-site scripting? (Choose two.)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
Selected Answer: BD
Question #: 25
Topic #: 1
Which threat involves software being used to gain unauthorized access to a computer system?
A. ping of death
B. HTTP flood
C. NTP amplification
D. virus
Selected Answer: D
Question #: 26
Topic #: 1
Which two capabilities does TAXII support? (Choose two.)
A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating
Selected Answer: AB
Question #: 27
Topic #: 1
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
Selected Answer: CE
Question #: 28
Topic #: 1
Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
Selected Answer: A
Question #: 29
Topic #: 1
DRAG DROP –
Drag and drop the capabilities from the left onto the correct technologies on the right.
Select and Place:
Suggestion Answer:
Question #: 30
Topic #: 1
Which two key and block sizes are valid for AES? (Choose two.)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
Selected Answer: CD
Question #: 31
Topic #: 1
Which two descriptions of AES encryption are true? (Choose two.)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
Selected Answer: BD
Question #: 32
Topic #: 1
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
Selected Answer: A
Question #: 33
Topic #: 1
DRAG DROP –
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Select and Place:
Suggestion Answer:
Question #: 34
Topic #: 1
Which VPN technology can support a multivendor environment and secure traffic between sites?
A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN
Selected Answer: C
Question #: 35
Topic #: 1
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN
Selected Answer: D
Question #: 36
Topic #: 1
What is a commonality between DMVPN and FlexVPN technologies?
A. FlexVPN and DMVPN use the new key management protocol, IKEv2
B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
C. IOS routers run the same NHRP code for DMVPN and FlexVPN
D. FlexVPN and DMVPN use the same hashing algorithms
Selected Answer: C
Question #: 37
Topic #: 1
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
A. DTLSv1
B. TLSv1
C. TLSv1.1
D. TLSv1.2
Selected Answer: A
Question #: 38
Topic #: 1
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. Talos
B. PSIRT
C. SCIRT
D. DEVNET
Selected Answer: A
Question #: 39
Topic #: 1
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
A. Common Vulnerabilities, Exploits and Threats
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Security Exploits
Selected Answer: B
Question #: 40
Topic #: 1
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)
A. accounting
B. assurance
C. automation
D. authentication
E. encryption
Selected Answer: BC
Question #: 41
Topic #: 1
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
A. ASDM
B. NetFlow
C. API
D. desktop client
Selected Answer: C
Question #: 42
Topic #: 1
What is a function of 3DES in reference to cryptography?
A. It encrypts traffic.
B. It creates one-time use passwords.
C. It hashes files.
D. It generates private keys.
Selected Answer: A
Question #: 43
Topic #: 1
Which two activities can be done using Cisco DNA Center? (Choose two.)
A. DHCP
B. design
C. accounting
D. DNS
E. provision
Selected Answer: BE
Question #: 44
Topic #: 1
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. terminal
B. selfsigned
C. url
D. profile
Selected Answer: D
Question #: 45
Topic #: 1
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
A. southbound API
B. westbound API
C. eastbound API
D. northbound API
Selected Answer: B
Question #: 46
Topic #: 1
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
A. southbound API
B. westbound API
C. eastbound API
D. northbound API
Selected Answer: B
Question #: 47
Topic #: 1
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer’s memory
D. inserting malicious commands into the database
Selected Answer: D
Question #: 48
Topic #: 1
What is the function of SDN southbound API protocols?
A. to allow for the static configuration of control plane applications
B. to enable the controller to use REST
C. to enable the controller to make changes
D. to allow for the dynamic configuration of control plane applications
Selected Answer: C
Question #: 49
Topic #: 1
DRAG DROP –
Drag and drop the threats from the left onto examples of that threat on the right.
Select and Place:
Suggestion Answer:
Question #: 50
Topic #: 1
What is the difference between Cross-site Scripting and SQL Injection attacks?
A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.
C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
Selected Answer: B
Question #: 51
Topic #: 1
DRAG DROP –
Drag and drop the common security threats from the left onto the definitions on the right.
Select and Place:
Suggestion Answer:
Question #: 52
Topic #: 1
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. distributed management
B. service management
C. application management
D. centralized management
Selected Answer: D
Question #: 53
Topic #: 1
Refer to the exhibit. What will happen when this Python script is run?
A. The list of computers, policies, and connector statuses will be received from Cisco AMP.
B. The list of computers and their current vulnerabilities will be received from Cisco AMP.
C. The compromised computers and malware trajectories will be received from Cisco AMP.
D. The compromised computers and what compromised them will be received from Cisco AMP.
Selected Answer: A
Question #: 54
Topic #: 1
Refer to the exhibit. What will happen when the Python script is executed?
A. The hostname will be printed for the client in the client ID field.
B. The hostname will be translated to an IP address and printed.
C. The script will pull all computer hostnames and print them.
D. The script will translate the IP address to FQDN and print it.
Selected Answer: C
Question #: 55
Topic #: 1
With which components does a southbound API within a software-defined network architecture communicate?
A. applications
B. controllers within the network
C. appliances
D. devices such as routers and switches
Selected Answer: D
Question #: 56
Topic #: 1
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
A. BYOD onboarding
B. MAC authentication bypass
C. client provisioning
D. Simple Certificate Enrollment Protocol
Selected Answer: C
Question #: 57
Topic #: 1
What are two characteristics of Cisco DNA Center APIs? (Choose two.)
A. They are Cisco proprietary.
B. They do not support Python scripts.
C. They view the overall health of the network.
D. They quickly provision new devices.
E. Postman is required to utilize Cisco DNA Center API calls.
Selected Answer: CD
Question #: 58
Topic #: 1
A company discovered an attack propagating through their network via a file. A custom file detection policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the policy created is functioning as it should?
A. Create an IP block list for the website from which the file was downloaded.
B. Block the application that the file was using to open.
C. Upload the hash for the file into the policy.
D. Send the file to Cisco Threat Grid for dynamic analysis.
Selected Answer: C
Question #: 59
Topic #: 1
Refer to the exhibit. What does the Python script accomplish?
A. It authenticates to a Cisco ISE server using the username of ersad.
B. It lists the LDAP users from the external identity store configured on Cisco ISE.
C. It authenticates to a Cisco ISE with an SSH connection.
D. It allows authentication with TLSv1 SSL protocol.
Selected Answer: A
Question #: 60
Topic #: 1
What is a difference between GETVPN and IPsec?
A. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices.
B. GETVPN is based on IKEv2 and does not support IKEv1.
C. GETVPN provides key management and security association management.
D. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.
Selected Answer: D