Why Cisco 350-701 dumps PDF Is The Only Skill You Really Need


Implementing and Operating Cisco Security Core Technologies Cisco 350-701 Exam Questions & Answers Demo https://www.dumpsspot.com/cisco/350-701-dumps.html

Version: 27.0

Topic 1, Exam Pool A

Question: 1

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. Smurf

B. distributed denial of service

C. cross-site scripting

D. rootkit exploit

Explanation:

Answer: C

Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website or an instant message, or while simply reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on.

For example, the code below is written in hex:

<a href=javascript:alert&#x28'XSS')>Click Here</a>

is equivalent to:

<a href=javascript:alert('XSS')>Click Here</a>

Note: In the format "&#xhhhh", hhhh is the code point in hexadecimal form.

Question: 2

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application

B. Linux and Windows operating systems

C. database

D. web page images

Explanation:

Answer: A

Questions & Answers PDF

SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives ("injects") you an SQL statement that you will unknowingly run on your database. For example, the following code creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

If the user enters something like this: "100 OR 1=1" then the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE. A hacker might get access to all the usernames and passwords in this database.
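The concatenated query described above, set beside a validated and parameterized version, as an added example that is not part of the original question bank. It assumes Python's sqlite3 module, an in-memory Users table with constructed rows, and hypothetical function names.

```python
import sqlite3

def make_db():
    """Build an in-memory Users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(100, "alice"), (101, "bob"), (102, "carol")])
    return db

def lookup_concatenated(db, txt_user_id):
    """Pattern from the explanation: the input becomes part of the SQL text."""
    txt_sql = "SELECT UserId, Name FROM Users WHERE UserId = " + txt_user_id
    return db.execute(txt_sql).fetchall()

def lookup_bound_only(db, txt_user_id):
    """Parameter binding alone: the whole input is compared as a single value."""
    return db.execute("SELECT UserId, Name FROM Users WHERE UserId = ?",
                      (txt_user_id,)).fetchall()

def lookup_validated(db, txt_user_id):
    """Type check first, then bind: non-integer input is rejected outright."""
    try:
        user_id = int(txt_user_id)
    except ValueError:
        return None  # caller should treat this as a bad request
    return db.execute("SELECT UserId, Name FROM Users WHERE UserId = ?",
                      (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "100 OR 1=1"  # the input quoted in the explanation
    for fn in (lookup_concatenated, lookup_bound_only, lookup_validated):
        print(f"{fn.__name__:22} normal={fn(db, '100')} crafted={fn(db, crafted)}")
```

With binding, the database never parses the input as SQL, so the crafted string matches no row; the integer check additionally lets the application reject and log the request before it reaches the database.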

Question: 3

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Check integer, float, or Boolean string parameters to ensure accurate values.

B. Use prepared statements and parameterized queries.

C. Secure the connection between the web and the app tier.

D. Write SQL code instead of using object-relational mapping libraries.

E. Block SQL code execution in the web application database login.

Explanation:

Answer: A, B

Question: 4

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for cross-site scripting.

B. Perform backups to the private cloud.

C. Protect against input validation and character escapes in the endpoint.

D. Install a spam and virus email filter.

E. Protect systems with an up-to-date antimalware program.

Explanation:

Answer: D, E


Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

Question: 5

Which two mechanisms are used to control phishing attacks? (Choose two)

A. Enable browser alerts for fraudulent websites.

B. Define security group memberships.

C. Revoke expired CRL of the websites.

D. Use antispyware software.

E. Implement email filtering techniques.

Explanation:


Answer: A, E
