Cisco CCNP Security 350-701 Questions & Answers

• Question 491:

  Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

  A. DNS tunneling

  B. DNSCrypt

  C. DNS security

  D. DNSSEC

  Correct Answer: A

  DNS Tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNSqueries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNSserver and used to control a remote server and applications.

• Question 492:

  How does Cisco Umbrella archive logs to an enterprise owned storage?

  A. by using the Application Programming Interface to fetch the logs

  B. by sending logs via syslog to an on-premises or cloud-based syslog server

  C. by the system administrator downloading the logs from the Cisco Umbrella web portal

  D. by being configured to send logs to a self-managed AWS S3 bucket

  Correct Answer: D

  https://docs.umbrella.com/deployment-umbrella/docs/log-management

• Question 493:

  What is a characteristic of Dynamic ARP Inspection?

  A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

  B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

  C. DAI associates a trust state with each switch.

  D. DAI intercepts all ARP requests and responses on trusted ports only.

  Correct Answer: A

  Dynamic ARP Inspection

  To prevent ARP poisoning attacks such as the one described in the previous section, a switch must ensure that only valid ARP requests and responses are relayed. DAI prevents these attacks by intercepting all ARP requests and responses.

  Each of these intercepted packets is verified for valid MAC address to IP address bindings before the local ARP cache is updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.

  DAI determines the validity of an ARP packet based on valid MAC address to IP address bindings stored in a trusted database. This database is built at runtime by DHCP snooping, provided that it is enabled on the VLANs and on the switch

  in question. In addition, DAI can also validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses.

  DAI can also be configured to drop ARP packets when the IP addresses in the packet are invalid or when the MAC addresses in the body of the ARP packet do not match the addresses specified in the Ethernet header.

• Question 494:

  What is the primary role of the Cisco Email Security Appliance?

  A. Mail Submission Agent

  B. Mail Transfer Agent

  C. Mail Delivery Agent

  D. Mail User Agent

  Correct Answer: B

  https://www.cisco.com/c/dam/en/us/td/docs/solutions/SBA/February2013/Cisco_SBA_BN_ EmailSecurityUsingCiscoESADeploymentGuide-Feb2013.pdf

• Question 495:

  Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

  A. user input validation in a web page or web application

  B. Linux and Windows operating systems

  C. database

  D. web page images

  Correct Answer: A

  SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives("injects") you an SQL statement that you will unknowingly run on your database. For example:Look at the following example, which creates a SELECT statement by adding a variable (txtUserId) to a selectstring. The variable is fetched from user input (getRequestString):txtUserId = getRequestString("UserId");txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;If user enter something like this: "100 OR 1=1" then the SzQL statement will look like this:SELECT * FROM Users WHERE UserId = 100 OR 1=1;The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE. Ahacker might get access to all the user names and passwords in this database.

• Question 496:

  Which two mechanisms are used to control phishing attacks? (Choose two)

  A. Enable browser alerts for fraudulent websites.

  B. Define security group memberships.

  C. Revoke expired CRL of the websites.

  D. Use antispyware software.

  E. Implement email filtering techniques.

  Correct Answer: AE

• Question 497:

  Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

  A. Time-based one-time passwords

  B. Data loss prevention

  C. Heuristic-based filtering

  D. Geolocation-based filtering

  E. NetFlow

  Correct Answer: BD

  Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11- 0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_00.html

• Question 498:

  Which compliance status is shown when a configured posture policy requirement is not met?

  A. compliant

  B. unknown

  C. authorized

  D. noncompliant

  Correct Answer: D

  Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html

• Question 499:

  What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

  A. biometric factor

  B. time factor

  C. confidentiality factor

  D. knowledge factor

  E. encryption factor

  Correct Answer: AD

  Reference: https://www.cisco.com/c/en/us/products/security/what-is-multi-factor- authentication.html

  The two most popular authentication factors are knowledge and inherent (including biometrics like fingerprint,face, and retina scans. Biometrics is used commonly in mobile devices).

• Question 500:

  Which two activities can be done using Cisco DNA Center? (Choose two)

  A. DHCP

  B. Design

  C. Accounting

  D. DNS

  E. Provision

  Correct Answer: BE

  Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems- management/dna-center/nb-06- dna-center-so-cte-en.html