Free Cisco 350-701 Practice Exam with Questions & Answers | Set: 9

Explanation

The following are restrictions for Flexible NetFlow:

+ Traditional NetFlow (TNF) accounting is not supported.

+ Flexible NetFlow v5 export format is not supported, only NetFlow v9 export format is supported.

+ Both ingress and egress NetFlow accounting is supported.

+ Microflow policing feature shares the NetFlow hardware resource with FNF.

+ Only one flow monitor per interface and per direction is supported.

Explanation

Explanation

We should scan emails using AntiVirus signatures to make sure there are no viruses attached in emails.

Note: A virus signature is the fingerprint of a virus. It is a set of unique data, or bits of code, that allow it to be identified. Antivirus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine, and remove the virus.

SenderBase is an email reputation service designed to help email administrators research senders, identify legitimate sources of email, and block spammers. When the Cisco ESA receives messages from known or highly reputable senders, it delivers them directly to the end user without any content scanning. However, when the Cisco ESA receives email messages from unknown or less reputable senders, it performs antispam and antivirus scanning.

 The Python script accomplishes the following tasks:

It imports the required libraries for HTTP, base64, SSL, and sys modules.

It takes the host, user, and password information from the command line arguments and assigns them to variables.

It creates an HTTPS connection object using the host and port 9060, and specifies the SSL protocol as TLSv1_2.

It encodes the user and password information in base64 format for basic HTTP authentication.

It sets the headers for the HTTP request, including the accept, authorization, and cache-control fields.

It sends a GET request to the Cisco ISE server to retrieve information from the “/ers/config/internaluser/” endpoint, which returns the list of internal users configured on Cisco ISE.

It reads the response from the server and prints the status, headers, and body in a human-readable format.

The script authenticates to the Cisco ISE server using the username of ersad and the password of Password1, and retrieves the internal user information from the server.

The main difference between an on-premise solution and a cloud-based solution is the distribution of responsibilities between the customer and the provider. With an on-premise solution, the customer has full control over the installation, configuration, maintenance, and security of the product, but also bears the costs and risks associated with it. With a cloud-based solution, the provider takes care of most of these aspects, while the customer pays a subscription fee and accesses the product over the internet. Therefore, when choosing between the two options, the customer must consider factors such as cost, scalability, performance, availability, security, compliance, and customization. For example, an on-premise solution may be preferred if the customer has strict security or regulatory requirements, or needs a high level of customization. A cloud-based solution may be preferred if the customer wants to reduce capital expenditure, or needs a flexible and scalable solution that can adapt to changing demands. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1: Describing Information Security Concepts, Topic: Cloud Security

350-701 SCOR - Cisco, Exam Topics, 1.0 Security Concepts, 1.6 Compare and contrast the characteristics of a data center and the cloud

Cloud vs. On-Premise Software Comparison

Explanation

All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section.

The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first.

Explanation

Explanation

Cisco ISE allows a global configuration to issue a Change of Authorization (CoA) in the Profiler Configuration

page that enables the profiling service with more control over endpoints that are already authenticated.

One of the settings to configure the CoA type is “Reauth”. This option is used to enforce reauthentication of an already authenticated endpoint when it is profiled.

The Cisco WSA can participate in the Cisco SensorBase Network, which is a threat management database that collects and shares data from Cisco security products. By participating in the SensorBase Network, the WSA can receive web reputation scores and URL categories for the requested web content, and also contribute data to improve the accuracy and efficacy of the service. The data that the WSA sends to the SensorBase Network servers includes information about request attributes and how the appliance handles requests. However, to protect the privacy and confidentiality of the users and the organization, the WSA does not send the complete URL, but only the summarized server-name information and the MD5-hashed path information. The MD5 hash is a one-way encryption algorithm that converts the path information into a fixed-length string that cannot be reversed. This way, the SensorBase Network can identify the URL without revealing the actual content or parameters of the request. The WSA also does not send any personal or confidential information such as usernames and passwords, or any information about HTTPS transactions, except for the IP address, web reputation score, and URL category of the server name in the certificate. The SensorBase Network Participation is enabled by default, but it can be disabled by the administrator if desired123. References: 3: Web Base Network Participation (WBNP) and Sender Base Network Participation (SBNP) - Cisco 2: User Guide for AsyncOS 15.0 for Cisco Secure Web Appliance - GD (General Deployment) - Introduction 1: User Guide for AsyncOS 12.0 for Cisco Web Security Appliances - GD (General Deployment) - Introduction

Explanation

Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a

second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they

know your password.

Note: Single sign-on (SSO) is a property of identity and access management that enables users to securely

authenticate with multiple applications and websites by logging in only once with just one set of credentials

(username and password). With SSO, the application or website that the user is trying to access relies on a

trusted third party to verify that users are who they say they are.

Explanation

Explanation

NetFlow is typically used for several key customer applications, including the following:

…

Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.

 The vulnerability that allows the attacker to see the passwords being transmitted in clear text is the lack of encryption on the VPN links. Encryption is a process of transforming data into an unreadable form, so that only authorized parties can access it. VPN (Virtual Private Network) is a technology that creates a secure tunnel between two or more devices over a public network, such as the Internet. VPN links should be encrypted to prevent eavesdropping, tampering, or spoofing of the data that passes through them. If the VPN links are not encrypted, an attacker can use a packet sniffer to intercept and read the data, including the passwords, that are sent over the network. This is called a sniffing attack, and it can lead to credential theft, identity spoofing, or data manipulation. Therefore, VPN links should always use strong encryption protocols, such as IPsec or SSL/TLS, to protect the confidentiality and integrity of the data. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 - Cisco: This is the official course page for the SCOR 350-701 exam, which covers the topics of implementing and operating Cisco security core technologies. It provides the course objectives, outline, duration, and prerequisites. It also offers various learning options, such as instructor-led training, e-learning, and practice exams.

SCOR 350-701 Official Cert Guide - Cisco Press: This is the official study guide for the SCOR 350-701 exam, written by Omar Santos, a principal engineer at Cisco’s Security Research and Operations group. It covers all the exam topics in depth, with explanations, examples, exercises, and practice questions. It also includes a companion website with online resources, such as videos, quizzes, flashcards, and more.

Cleartext submission of password - PortSwigger: This is a web security article that explains the vulnerability of transmitting passwords over unencrypted connections, and how to exploit it using Burp Suite, a web application testing tool. It also provides some remediation advice, such as using HTTPS and HSTS to enforce encryption.

What Are Sniffing Attacks, and How Can You Protect Yourself? - EC-Council: This is a blog post that describes what sniffing attacks are, how they work, and what are the common types and tools of sniffing attacks. It also provides some tips on how to prevent or detect sniffing attacks, such as using encryption, VPN, firewall, IDS, and anti-sniffing software.

OWASP Application Security FAQ | OWASP Foundation: This is a frequently asked questions page about application security, maintained by the Open Web Application Security Project (OWASP), a non-profit organization that promotes web security awareness and best practices. It covers various topics, such as authentication, authorization, session management, input validation, output encoding, cryptography, error handling, logging, and more.

Explanation

Explanation

Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL). This module identifies and describes concepts that are needed to understand, plan for, and implement a PKI.

A PKI is composed of the following entities: …

– A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs)

Explanation

Malware means “malicious software”, is any software intentionally designed to cause damage to a computer, server, client, or computer network. The most popular types of malware includes viruses, ransomware and spyware. Virus Possibly the most common type of malware, viruses attach their malicious code to clean code and wait to be run.

Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.

Spyware is spying software that can secretly record everything you enter, upload, download, and store on your computers or mobile devices. Spyware always tries to keep itself hidden.

An exploit is a code that takes advantage of a software vulnerability or security flaw.

Exploits and malware are two risks for endpoints that are not up to date. ARP spoofing and eavesdropping are attacks against the network while denial-of-service attack is based on the flooding of IP packets.

Endpoint security is the process of protecting devices like workstations, servers, and other devices from malicious threats and cyberattacks. Endpoint security enables businesses to secure endpoints that employees use for work purposes or servers that are either on a network or in the cloud. Endpoint security is important because every device that connects to the corporate network is a potential vulnerability, providing a possible entry point for cyber criminals. Therefore, every device an employee uses to connect to any business system or resource carries the risk of becoming the chosen route for hacking into an organization. These devices can be exploited by malware that could leak or steal sensitive data from the business12.

One of the benefits of endpoint security is that it allows the organization to detect and mitigate threats that the perimeter security devices do not detect. Perimeter security devices, such as firewalls and intrusion prevention systems, are designed to protect the network from external attacks. However, they may not be able to prevent or detect attacks that originate from within the network, such as insider threats, compromised devices, or lateral movement. Endpoint security solutions can provide visibility and control over the devices that connect to the network, and can monitor, analyze, and respond to suspicious or malicious activities on the endpoints. Endpoint security solutions can also leverage threat intelligence and advanced analytics to identify and block known and unknown threats, such as ransomware, zero-day exploits, and targeted attacks13. References := 1: What is Endpoint Security? How Does It Work? | Fortinet 2: Microsoft Defender for Endpoint | Microsoft Security 3: Endpoint Security - Check Point Software