Free Cisco 350-701 Practice Exam with Questions & Answers | Set: 6

Using an Internet browser to access cloud-based service creates the risk of insecure implementation of API. API stands for Application Programming Interface, which is a set of rules and protocols that allow different applications or services to communicate and exchange data. API is often used to access cloud-based service, such as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS). However, if the API is not implemented securely, it can expose sensitive data or allow unauthorized access to the cloud service. For example, an API may not use encryption, authentication, or authorization mechanisms to protect the data in transit or at rest. An API may also have vulnerabilities such as injection, broken authentication, or insufficient logging and monitoring, which can be exploited by attackers to compromise the cloud service or the user’s browser. Therefore, it is important to follow the best practices and standards for secure API development and testing, such as OWASP API Security Top 10. References:

1: Implementing and Operating Cisco Security Core Technologies (SCOR) - Cisco

2: 350-701 SCOR - Cisco

3: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

4: 12 Cloud Security Issues: Risks, Threats & Challenges - CrowdStrike

5: 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud - SEI Blog

6: Remote Browser Isolation Protects Users from Threats - Cisco Umbrella

7: Which risk is created when using an Internet browser to access cloud-based service?

8: Browser in the Cloud: The Evolution of Secure Browsing - Leostream

[9]: OWASP API Security Top 10 2023

The W32/AutoRun worm is a type of malware that spreads through removable drives, such as USB flash drives, and modifies the autorun.inf file to execute itself when the drive is inserted. The worm also attempts to connect to a remote server and download additional malicious files. One of the features of this worm is that it generates random domain names based on the current date and time, and sends DNS requests to these domains. This is a technique to evade detection and analysis, as well as to communicate with the command and control server. The DNS requests generated by the worm have a distinctive pattern, such as the length of the domain name, the number of subdomains, and the use of redacted characters. By comparing these features to the expected behavior of normal DNS requests, security analysts can identify the presence of the worm and block its traffic. References :=

Some possible references are:

W32/AutoRun worm

DNS requests malicious attack

Four major DNS attack types and how to mitigate them

Explanation

Explanation

+ Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine

to identify sensitive information stored in cloud environments in violation of policy.

+ Cloudlock is API-based.

+ Incidents are a key resource in the Cisco Cloudlock application. They are triggered by the Cloudlock policy engine when a policy detection criteria result in a match in an object (document, field, folder, post, or file).

 Cisco Stealthwatch is the only solution that detects threats across your private network, public clouds, and encrypted traffic. It uses network telemetry and advanced behavioral analytics to monitor network activity and identify anomalies that indicate potential threats. It also leverages Cisco Encrypted Traffic Analytics (ETA) to detect malware in encrypted traffic without decryption. Cisco Stealthwatch provides visibility, threat detection, and response across your entire network and cloud environment1234 References := 1: Cisco Stealthwatch detects threats across private networks, public clouds, and encrypted traffic - Cisco Blogs 2: The XDR Solution to the Ransomware Problem - Cisco Blogs 3: Network Threat Detection and Response with Cisco Stealthwatch - Locuz 4: Cisco Secure Network Analytics (Stealthwatch) - Cisco

Cisco Secure Workload (formerly Tetration) is a solution that provides visibility, segmentation, and security for cloud applications. It can monitor application communications, detect abnormal application behavior, and identify vulnerabilities within the applications. Cisco Secure Workload can also enforce granular policies to control the traffic between applications and prevent unauthorized access. References: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 6: Cloud and Content Security, Lesson 6.2: Cisco Cloud Security Solutions, Topic 6.2.2: Cisco Secure Workload

Before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software, the default action is to "pass." This means that the traffic is allowed through without inspection until the URL can be identified, at which point appropriate security policies can be applied based on the URL categorization and reputation.

Explanation

Cisco Firepower deployments can take advantage of platform settings policies. A platform settings policy is a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in your deployment, such as time settings and external authentication. Examples of these platform settings policies are time and date settings, external authentication, and other common

administrative features.

A shared policy makes it possible to configure multiple managed devices at once, which provides consistency in your deployment and streamlines your management efforts. Any changes to a platform settings policy affects all the managed devices where you applied the policy. Even if you want different settings per device, you must create a shared policy and apply it to the desired device.

For example, your organization’s security policies may require that your appliances have a “No Unauthorized Use” message when a user logs in. With platform settings, you can set the login banner once in a platform settings policy.

AAA stands for Authentication, Authorization, and Accounting. It is a framework that provides security to network resources by controlling who can access them (authentication), what they can do (authorization), and what actions they perform (accounting). AAA can be implemented by using the local database of the device or by using an external server such as Cisco ISE (Identity Services Engine).

The question asks which configuration item makes it possible to have the AAA session on the network. A session is a logical connection between a user and a network device. A session can be initiated by various methods, such as console, telnet, SSH, PPP, etc. Each session can have different AAA policies applied to it, depending on the method list configured for that session.

A method list is a set of rules that define the authentication, authorization, and accounting methods to be used for a particular session. A method list can be named or default. A named method list is applied to a specific session by using the login, authorization, or accounting keyword followed by the name of the method list. A default method list is applied to all sessions that do not have a named method list configured.

The configuration item that makes it possible to have the AAA session on the network is the aaa authorization network default group ise command. This command configures a default method list for network authorization, which is the process of determining the network services and attributes that a user is allowed to access after authentication. The command specifies that the network authorization method is group, which means that the device will use an external server (such as Cisco ISE) to obtain the authorization information for the user. The command also specifies that the name of the server group is ise, which means that the device will use the server group defined by the aaa group server radius ise command.

The other options are incorrect because they do not configure a default method list for network authorization. Option A configures a named method list for login authentication, which is the process of verifying the identity of the user. Option B configures a default method list for enable authentication, which is the process of verifying the identity of the user who wants to enter the privileged EXEC mode. Option D configures a default method list for exec authorization, which is the process of determining the commands and features that a user can access in the EXEC mode. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1: Describing Information Security Concepts

Configure Basic AAA on an Access Server, General AAA Configuration, Authentication Configuration, Authorization Configuration

AAA (Authentication, Authorization and Accounting) - GeeksforGeeks, AAA implementation, ACS server

Cisco Stealthwatch is a network security and visibility platform that provides an agentless solution to monitor network traffic and detect threats, including those in encrypted traffic. Stealthwatch uses Encrypted Traffic Analytics (ETA), a technology that leverages network telemetry and machine learning to identify malicious patterns and behaviors in encrypted traffic without decryption. ETA can also assess the cryptographic strength and compliance of the encryption protocols used in the network. Stealthwatch integrates with other Cisco security products, such as Cisco Identity Services Engine (ISE) and Cisco Advanced Malware Protection (AMP), to provide contextual information and threat intelligence for faster and more effective response. Stealthwatch is the only Cisco platform that offers ETA as a solution to provide visibility across the network, including encrypted traffic analytics, to detect malware in encrypted traffic without the need for decryption. References :=

Some possible references are:

Cisco Secure Network Analytics (Stealthwatch) - Cisco, Cisco

Encrypted Traffic Analytics > Security | Cisco Press, Cisco Press

Solutions - Encrypted Traffic Analytics with the New Cisco Network and Secure Network Analytics At-a-Glance - Cisco, Cisco

Cisco Encrypted Traffic Analytics White Paper, Cisco

Explanation

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on.

For example the code below is written in hex:

href=javascript:alert&#

x28'XSS')>Click Here

is equivalent to:

Click Here

Note: In the format “&#xhhhh“, hhhh is the code point in hexadecimal form.

 MAB is a fallback authentication method for devices that do not support 802.1X. When MAB is enabled on a switchport, the switch will first try 802.1X and if it fails, it will use the MAC address of the device as the username and password to authenticate it with a RADIUS server. The RADIUS server must have a database of MAC addresses that are allowed on the network. MAB can also support dynamic VLAN assignment and ACLs from the RADIUS server. MAB is not a very secure method because MAC addresses can be easily spoofed or changed. Therefore, MAB should be used with caution and only for devices that cannot use 802.1X. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Securing Networks with Cisco Firepower Next Generation Firewall, Lesson 3.2: Deploying Cisco Firepower Next-Generation Firewall, Topic 3.2.2: 802.1X and MAB

MAC Authentication Bypass Deployment Guide, Cisco, MAB Overview, What is MAB?

MAC Authentication Bypass (MAB), NetworkLessons.com, How MAB Works

MAC-based authentication (MAB), RADIUSaaS Docs, How it works

MAC authentication and username/password, Cisco Community, Answer by hslai

Explanation

Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security

Broker (CASB) and cloud cybersecurity platform.

Explanation

The following are restrictions for Flexible NetFlow:

+ Traditional NetFlow (TNF) accounting is not supported.

+ Flexible NetFlow v5 export format is not supported, only NetFlow v9 export format is supported.

+ Both ingress and egress NetFlow accounting is supported.

+ Microflow policing feature shares the NetFlow hardware resource with FNF.

+ Only one flow monitor per interface and per direction is supported.