Free Cisco 350-701 Practice Exam with Questions & Answers | Set: 14

DevSecOps is a development practice that integrates security into all phases of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery. DevSecOps focuses on application development, as it aims to deliver secure and robust applications that meet the customers’ needs and expectations. DevSecOps also makes security a shared responsibility of development, security, and operations teams, rather than a separate silo. DevSecOps enables faster and safer software delivery by automating security processes and tools, and addressing security issues as they emerge, rather than at the end of the cycle.

References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 6: Securing the Data Center, Lesson 6.2: DevSecOps

What Is DevSecOps? Definition and Best Practices | Microsoft Security

What is DevSecOps? | IBM

What is DevSecOps? | DevSecOps vs. DevOps | VMware

Patching helps to mitigate vulnerabilities by applying fixes or updates to software or firmware that have known security flaws. Vulnerabilities can be exploited by cybercriminals to compromise the confidentiality, integrity, or availability of the IT systems and data. Patching endpoints consistently reduces the risk of cyberattacks and data breaches by closing the gaps that attackers can use to gain unauthorized access or cause damage. Patching also improves the performance and functionality of the IT systems by addressing bugs or errors12.

Option B is the correct answer, as it explains the main benefit of patching endpoints consistently. Option A is incorrect, as patching does not necessarily reduce the attack surface of the infrastructure, which is the total number of possible entry points for an attacker. Patching only addresses the existing vulnerabilities in the software or firmware, but does not eliminate the attack surface itself. Option C is incorrect, as patching is not always required per the vendor contract, although some vendors may provide support or incentives for patching. Option D is incorrect, as patching does not allow for creating a honeypot, which is a decoy system that is intentionally left vulnerable to lure and trap attackers. References: Patch Management Overview, Challenges, and Recommendations. Patch Management Explained: Challenges, Best Practices & Steps.

A SQL injection attack is a type of attack that exploits a vulnerability in a web application that uses user-supplied data to construct SQL statements that interact with a database. By inserting malicious commands into the database, an attacker can execute arbitrary SQL queries or commands on the database server, which may result in data theft, data manipulation, or command execution. Machine 1 is vulnerable to SQL injection because it does not properly validate or sanitize the user input before using it in a SQL statement. Therefore, inserting malicious commands into the database would allow the attacker to gain access to machine 1.

A buffer overflow attack is a type of attack that exploits a vulnerability in a program that does not check the boundaries of a buffer (a temporary storage area for data) before copying data into it. By overflowing the buffer’s memory, an attacker can overwrite adjacent memory locations, which may result in corrupting data, crashing the program, or executing malicious code. Machine 2 is vulnerable to buffer overflow because it does not properly handle the size or length of the data that it receives from the user or another source. Therefore, overflowing the buffer’s memory would allow the attacker to gain access to machine 2.

Sniffing the packets between the two hosts is a passive attack that involves capturing and analyzing the network traffic that flows between the two machines. This attack may reveal sensitive information, such as credentials, session tokens, or database queries, but it does not directly allow the attacker to gain access to either machine. Sending continuous pings is a type of denial-of-service attack that involves flooding the target machine with ICMP echo request packets, which may consume its network bandwidth or processing resources, but it does not directly allow the attacker to gain access to either machine. Therefore, neither sniffing the packets nor sending continuous pings would allow the attacker to gain access to machine 1 but not machine 2. References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Web Security, SQL Injection Attacks

Understanding SQL Injection - Cisco, SQL Injection Explained

Buffer Overflow and SQL Injection: To Remotely Attack and … - Springer, Buffer Overflow and SQL Injection Attacks

Cisco AnyConnect is a client-based VPN solution that provides secure remote access for individual users from their machines. It allows customization of access policies based on user identity, such as group membership, device posture, or location. This enables granular control over who can access what resources on the network. Cisco AnyConnect also supports various authentication methods, such as certificates, multifactor authentication, or single sign-on. Cisco AnyConnect can be deployed with Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) as the VPN headend.

Cisco DMVPN is a network-based VPN solution that provides dynamic, on-demand, and scalable connectivity for branch offices, teleworkers, and business partners. It uses multipoint GRE (mGRE) tunnels and Next Hop Resolution Protocol (NHRP) to establish direct spoke-to-spoke communications without traversing the hub. It also supports IPsec encryption and various routing protocols over the tunnel. Cisco DMVPN can be deployed with Cisco IOS routers as the VPN headend.

The advantages of using Cisco AnyConnect over DMVPN are:

It enables VPN access for individual users from their machines, which is useful for mobile workers or telecommuters who need to connect to the network from anywhere.

It allows customization of access policies based on user identity, which is useful for enforcing security and compliance requirements for different types of users or devices.

The advantages of using DMVPN over Cisco AnyConnect are:

It provides spoke-to-spoke communications without traversing the hub, which reduces latency and bandwidth consumption for traffic between remote sites.

It allows different routing protocols to work over the tunnel, which provides flexibility and scalability for network design and management.

Explanation

The syntax of this command is shown below:

snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write-view] [notify notify-view] [access access-list]

The command above restricts which IP source addresses are allowed to access SNMP functions on the router. You could restrict SNMP access by simply applying an interface ACL to block incoming SNMP packets that don’t come from trusted servers. However, this would not be as effective as using the global SNMP commands shown in this recipe. Because you can apply this method once for the whole router, it is much simpler than applying ACLs to block SNMP on all interfaces separately. Also, using interface ACLs would block not only SNMP packets intended for this router, but also may stop SNMP packets that just happened to be passing through on their way to some other destination device.

 Cisco Duo is a cloud-based solution that provides multi-factor authentication (MFA) and device trust for secure access to applications and data. MFA adds an extra layer of security by requiring users to verify their identity with something they know (such as a password) and something they have (such as a phone or a hardware token). Device trust ensures that only trusted devices can access sensitive resources by checking the device health and compliance. Cisco Duo can help prevent social engineering attacks by making it harder for hackers to impersonate legitimate users or compromise their credentials. Cisco Duo can also integrate with other Cisco security products, such as Cisco AnyConnect, Cisco AMP for Endpoints, and Cisco Umbrella, to provide a comprehensive security solution. References :=

Cisco Duo Security

Cisco Duo: Multi-Factor Authentication

Cisco Duo: Device Trust

Cisco Security Core Technologies SCOR

Explanation

Explanation

The Mail Policies menu is where almost all of the controls related to email filtering happens. All the security and content filtering policies are set here, so it’s likely that, as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.

A passphrase is a type of protection that encrypts RSA keys when they are exported and imported. A passphrase is a sequence of characters that the user enters to decrypt the key. The passphrase acts as a symmetric key that is used to encrypt and decrypt the RSA key with a symmetric algorithm, such as AES. This way, the RSA key is protected from unauthorized access or tampering when it is transferred or stored. A passphrase can also provide additional security by adding entropy to the RSA key generation process. A file, NGE, and nonexportable are not types of protection that encrypt RSA keys when they are exported and imported. A file is a container that stores the RSA key, but does not encrypt it. NGE stands for Next Generation Encryption, which is a set of cryptographic standards and algorithms that Cisco recommends, but it is not a specific type of protection. Nonexportable is a property that prevents the RSA key from being exported at all, but it does not encrypt it. References: RSA/Schannel Key BLOBs, Common Encryption Types, Protocols and Algorithms Explained, Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (Module 5: Implementing Secure Communications with VPNs, Lesson 5.1: Implementing Site-to-Site VPNs, Topic 5.1.2: Implementing Site-to-Site VPNs with Pre-Shared Keys)

The process of performing automated static and dynamic analysis of files against preloaded behavioral indicators for threat analysis is called advanced sandboxing. Advanced sandboxing is a feature of Cisco Secure Malware Analytics (Threat Grid), which is a cloud-based or on-premises solution that analyzes the behavior of suspicious files and URLs. Advanced sandboxing uses a combination of static and dynamic analysis techniques to examine the files against more than 700 behavioral indicators, such as registry changes, network connections, file modifications, and process injections. These indicators help to uncover stealthy and sophisticated threats, and provide the security team with detailed reports and actionable intelligence. Advanced sandboxing also integrates with other Cisco security products, such as AMP, Firepower, and Email Security, to provide comprehensive malware protection across the network. Advanced sandboxing is different from other options, such as deep visibility scan, point-in-time checks, and advanced scanning, which are not specific processes or features of Cisco Secure Malware Analytics. Deep visibility scan is a generic term that refers to the ability to inspect network traffic and files for malicious activity. Point-in-time checks are periodic scans that detect malware at a specific moment, but do not provide continuous analysis or retrospective security. Advanced scanning is also a generic term that can refer to any scanning technique that goes beyond basic signature-based detection, such as heuristic analysis, machine learning, or behavioral analysis. References :=

Some possible references are:

Cisco Secure Malware Analytics (Threat Grid)

Malware Protection - Cisco AMP Advanced Malware Protection

Cisco Secure Malware Analytics Data Sheet