Cisco Network Engineer Question Bank 3.docx
Cisco Network Engineer Question Bank, Q1-200

Q1. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. Smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit
Answer: C
Explanation: Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, an instant message, or simply while reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in hex (or other encoding methods) so the request looks less suspicious to the user when clicked on. For example, the link
    <a href=javascript:alert('XSS')>Click Here</a>
is equivalent to the same link with every character of the javascript:alert('XSS') portion written as a hexadecimal character reference (&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A; for "javascript:", and so on); the browser decodes the references before it interprets the URL, so the encoded link behaves exactly like the plain one.
Note: In the format "&#xhhhh;", hhhh is the code point in hexadecimal form.

Q2. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
Answer: A
Explanation: SQL injection usually occurs when you ask a user for input, like their username/user id, but the user gives ("injects") you an SQL statement that you will unknowingly run on your database. Look at the following example, which creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):
    txtUserId = getRequestString("UserId");
    txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
If the user enters something like this: "100 OR 1=1", then the SQL statement will look like this:
    SELECT * FROM Users WHERE UserId = 100 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE. A hacker might get access to all the usernames and passwords in this database.

Q3. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
Answer: AB

Q4. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)
A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimalware program.
Answer: DE
Explanation: Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

Q5. Which two mechanisms are used to control phishing attacks? (Choose two)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.
Answer: AE

Q6. Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
Answer: BD
Explanation: Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 bytes including the Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be at most 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol as documented in RFC 791. Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

Q7. Which two preventive measures are used to control cross-site scripting? (Choose two)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
Answer: AB

Q8. What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false web page.
Answer: B
Explanation: In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people's personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information, and craft a fake email tailored for that person.

Q9. Which attack is commonly associated with C and C++ programming languages?
A. cross-site scripting
B. water holing
C. DDoS
D. buffer overflow
Answer: D
Explanation: A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. Buffer overflow is a vulnerability in low-level code written in C and C++. An attacker can cause the program to crash, corrupt data, steal private information, or run his/her own code. It basically means accessing a buffer outside of its allotted memory space. This happens quite frequently in the case of arrays.

Q10. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
Answer: A
Explanation: TAXII (Trusted Automated eXchange of Indicator Information) is a standard that provides a transport mechanism (data exchange) for cyber threat intelligence information in STIX (Structured Threat Information eXpression) format. In other words, TAXII servers can be used to author and exchange STIX documents among participants. STIX is a standardized language which has been developed in a collaborative way in order to represent structured information about cyber threats. It has been developed so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation and human-assisted analysis.

Q11. Which two capabilities does TAXII support? (Choose two)
A. Exchange
B. Pull messaging
C. Binding
D. Correlation
E. Mitigating
Answer: BC
Explanation: The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network. TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information. TAXII capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery. "Binding" is not in that list, but TAXII 1.x does define protocol bindings (HTTP/HTTPS) and message bindings (XML) that describe how TAXII messages are carried, which is presumably what the option refers to, so it is the best remaining answer.

Q12. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
A. exploits
B. ARP spoofing
C. denial-of-service attacks
D. malware
E. eavesdropping
Answer: AD
Explanation: Malware, short for "malicious software", is any software intentionally designed to cause damage to a computer, server, client, or computer network. The most common types of malware include viruses, ransomware and spyware. A virus, possibly the most common type of malware, attaches its malicious code to clean code and waits to be run. Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. Spyware is spying software that can secretly record everything you enter, upload, download, and store on your computers or mobile devices; spyware always tries to keep itself hidden. An exploit is code that takes advantage of a software vulnerability or security flaw. Exploits and malware are two risks for endpoints that are not up to date. ARP spoofing and eavesdropping are attacks against the network, while a denial-of-service attack is based on flooding with IP packets.

Q13. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. url
B. terminal
C. profile
D. selfsigned
Answer: C
Explanation: A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be configured via three main methods:
1. Terminal enrollment: manual method of performing trustpoint authentication and certificate enrollment using copy-paste in the CLI terminal.
2. SCEP enrollment: trustpoint authentication and enrollment using SCEP over HTTP.
3. Enrollment profile: here, authentication and enrollment methods are defined separately. Along with the terminal and SCEP enrollment methods, enrollment profiles provide an option to specify HTTP/TFTP commands to perform file retrieval from the server, which is defined using an authentication or enrollment url under the profile.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOS-PKI-Deployment-Guide-Initial-Design.html

Q14. What are two rootkit types? (Choose two)
A. registry
B. virtual
C. bootloader
D. user mode
E. buffer mode
Answer: CD
Explanation: The term "rootkit" originally comes from the Unix world, where the word "root" is used to describe a user with the highest possible level of access privileges, similar to an "Administrator" in Windows. The word "kit" refers to the software that grants root-level access to the machine. Put the two together and you get "rootkit", a program that gives someone with legitimate or malicious intentions privileged access to a computer. There are four main types of rootkits: kernel rootkits, user mode rootkits, bootloader rootkits, and memory rootkits.

Q15. Which form of attack is launched using botnets?
A. [option illegible in source]
B. virus
C. DDoS
D. TCP flood
Answer: C
Explanation: A botnet is a collection of internet-connected devices infected by malware that allows hackers to control them. Cybercriminals use botnets to instigate botnet attacks, which include malicious activities such as credential leaks, unauthorized access, data theft and DDoS attacks.

Q16. Which threat involves software being used to gain unauthorized access to a computer system?
A. virus
B. NTP amplification
C. ping of death
D. HTTP flood
Answer: A

Q17. Which type of attack is social engineering?
A. trojan
B. phishing
C. malware
D. MITM
Answer: B
Explanation: Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal, often financial, information. Attackers may send emails seemingly from a reputable credit card company or financial institution that request account information, often suggesting that there is a problem.

Q18. Which two key and block sizes are valid for AES? (Choose two)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
Answer: CD
Explanation: The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits (block size). It can do this using 128-bit, 192-bit, or 256-bit keys.

Q19. Which two descriptions of AES encryption are true? (Choose two)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
Answer: BD

Q20. Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
Answer: A
Explanation: The data plane of any network is responsible for handling data packets that are transported across the network. (The data plane is also sometimes called the forwarding plane.) This question probably refers to encryption and authentication in the data plane of an SD-WAN network (although SD-WAN is not a topic of the SCOR 350-701 exam). In the Cisco SD-WAN network, for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates. GCM is an authenticated-encryption mode, so one algorithm provides both confidentiality and integrity/authentication; AES-256 by itself (option C) only encrypts, and the SHA options only hash.
Reference: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html

Q21. Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?
A. 3DES
B. RSA
C. DES
D. AES
Answer: B
Explanation: Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation, as well as memory, energy and bandwidth savings, and is thus better suited for small devices.

Q22. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
Answer: B
Explanation: The syntax of the above command is:
    crypto isakmp key [enc-type-digit] keystring {address peer-address [mask] | ipv6 ipv6-address/ipv6-prefix | hostname hostname} [no-xauth]
The peer-address argument specifies the IP or IPv6 address of the remote peer. When the optional mask is omitted it defaults to 255.255.255.255, so the key applies to the single host 172.16.0.0 (a /32), not to the 172.16.0.0/16 range; and crypto isakmp configures IKEv1, not IKEv2.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp6039879

Q23. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GETVPN
Answer: D
Explanation: Cisco's Group Encrypted Transport VPN (GETVPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. GETVPN provides instantaneous large-scale any-to-any IP connectivity using a group IPsec security paradigm.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/GETVPN_DIG_version_2_0_External.pdf

Q24. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the
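Added worked example for Q1 and Q7 above (this is editor-added Python, not code from the question bank): it builds the hex-character-reference form of the Q1 link, shows why a filter that inspects the raw attribute string misses it, checks the href the way a browser will see it after decoding, and renders the link with contextual output encoding (Q7 option B). The scheme allowlist and the function names are assumptions for illustration.

```python
"""Added example: hex-encoded javascript: URL from Q1, and the decode-then-check
plus contextual output encoding that defeats it. Not part of the question bank."""
import html
import re
from urllib.parse import urlsplit

PAYLOAD = "javascript:alert('XSS')"
# The Q1 payload with every character written as an &#xhh; character reference,
# which is exactly what the "Note" under Q1 describes.
HEX_ENCODED_PAYLOAD = "".join(f"&#x{ord(ch):02X};" for ch in PAYLOAD)

# Assumed allowlist of URL schemes the application is willing to link to.
SAFE_SCHEMES = {"http", "https", "mailto"}


def naive_is_safe_href(href: str) -> bool:
    """A filter that only looks at the raw attribute text. It never sees
    'javascript:' in the encoded payload because the browser, not this
    function, is what decodes the character references."""
    return not href.lower().lstrip().startswith("javascript:")


def is_safe_href(href: str) -> bool:
    """Check the URL the way the browser will interpret it: decode character
    references first, drop the ASCII whitespace/control bytes browsers ignore
    inside a scheme ("java\\tscript:"), then allowlist the scheme."""
    decoded = html.unescape(href)
    cleaned = re.sub(r"[\x00-\x20]", "", decoded)
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme in SAFE_SCHEMES if scheme else True  # relative URLs are fine


def render_link(href: str, text: str) -> str:
    """Contextual output encoding (Q7 option B): the href is validated as a URL,
    then both values are escaped for the HTML attribute and HTML body contexts,
    so a quote or '<' in user data becomes literal text rather than markup."""
    if not is_safe_href(href):
        href = "#"
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    print(HEX_ENCODED_PAYLOAD)
    print("naive filter passes encoded payload:", naive_is_safe_href(HEX_ENCODED_PAYLOAD))
    print("decode-then-check passes it:", is_safe_href(HEX_ENCODED_PAYLOAD))
    print(render_link(HEX_ENCODED_PAYLOAD, "Click Here"))
    print(render_link("https://example.com/?a=1&b=2", "<b>hi</b>"))
```

The order matters: decode, normalise, then decide, because the browser applies the same steps before it runs the URL. Checking the raw string is the mistake the hex encoding exploits.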
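Added worked example for Q2 and Q3 above (editor-added Python using the standard sqlite3 module, not code from the question bank): the concatenated query from Q2 is run against a constructed Users table with the "100 OR 1=1" input, and beside it are the two Q3 mitigations, a parameterized query (option B) and integer validation of the parameter (option A). The table layout and its three sample rows are constructed for the example.

```python
"""Added example: the Q2 SQL injection beside the Q3 fixes, run in-memory.
Not part of the question bank."""
import sqlite3

# Constructed sample data; the table and its contents are assumptions.
SAMPLE_USERS = [
    (100, "alice", "hash-of-alice-password"),
    (101, "bob", "hash-of-bob-password"),
    (102, "carol", "hash-of-carol-password"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, PwHash TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """The Q2 pattern: the request parameter is pasted into the SQL text, so
    whatever the user typed is parsed as part of the statement."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def parameterized_lookup(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """Q3 option B: prepared statement with a bound parameter. The driver sends
    the value separately from the SQL, so "100 OR 1=1" is compared as a single
    literal against UserId and never reaches the parser as SQL."""
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)).fetchall()


def validated_lookup(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """Q3 option A: check that the parameter really is an integer before it
    reaches the query, and still bind it rather than concatenate."""
    try:
        user_id = int(txt_user_id)
    except ValueError:
        raise ValueError(f"UserId must be an integer, got {txt_user_id!r}") from None
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    attack = "100 OR 1=1"
    print("concatenated :", vulnerable_lookup(db, attack))      # every row
    print("parameterized:", parameterized_lookup(db, attack))   # no rows
    try:
        validated_lookup(db, attack)
    except ValueError as err:
        print("validated    :", err)
```

With the injected input the concatenated query returns all three rows, the parameterized one returns nothing because the whole string is bound as one value, and the validating version rejects the request before any SQL is built. The validation step is worth keeping even with binding: it gives a clear error and keeps non-numeric garbage out of logs and metrics.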
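Added worked example for Q6 above (editor-added Python, not code from the question bank): it models how an ICMP echo is cut into IPv4 fragments whose data lengths are multiples of 8 octets, then computes the size the receiver would reassemble, showing that a normal 56-byte ping stays well inside 65,535 bytes while an echo with 65,510 bytes of data reassembles to 65,538 bytes. The header sizes are the standard ones; the 1500-byte MTU and the 65,510-byte data size are assumptions chosen to match the classic ping-of-death case.

```python
"""Added example: 8-octet fragmentation of an oversized ping and the resulting
reassembly overrun (Q6). Not part of the question bank."""
from typing import List, NamedTuple

IPV4_HEADER = 20            # bytes, no options
ICMP_HEADER = 8             # ICMP echo request header
IPV4_MAX_TOTAL = 65535      # 16-bit Total Length field
MAX_OFFSET_FIELD = 0x1FFF   # 13-bit Fragment Offset, counted in 8-octet units


class Fragment(NamedTuple):
    offset_field: int     # value placed in the 13-bit Fragment Offset field
    data_len: int         # payload bytes carried by this fragment
    more_fragments: bool  # MF flag


def fragment_ping(data_len: int, mtu: int = 1500) -> List[Fragment]:
    """Split an ICMP echo carrying `data_len` bytes of echo data into IPv4
    fragments for a link with the given MTU. Every non-final fragment carries a
    multiple of 8 octets, because offsets are expressed in 8-octet units."""
    payload = ICMP_HEADER + data_len
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8   # 1480 bytes for a 1500 MTU
    frags: List[Fragment] = []
    offset = 0
    while offset < payload:
        if offset // 8 > MAX_OFFSET_FIELD:
            raise ValueError("fragment offset does not fit in 13 bits")
        chunk = min(per_fragment, payload - offset)
        frags.append(Fragment(offset // 8, chunk, offset + chunk < payload))
        offset += chunk
    return frags


def reassembled_total_length(frags: List[Fragment]) -> int:
    """Size of the datagram the receiver rebuilds: the IPv4 header plus the
    furthest byte any fragment reaches (offset * 8 + data length)."""
    return IPV4_HEADER + max(f.offset_field * 8 + f.data_len for f in frags)


def is_ping_of_death(frags: List[Fragment]) -> bool:
    """True when reassembly would exceed 65,535 bytes. A stack that sized its
    reassembly buffer for the IPv4 maximum overflows on such a datagram; modern
    stacks reject any fragment whose offset * 8 + length exceeds 65,535."""
    return reassembled_total_length(frags) > IPV4_MAX_TOTAL


if __name__ == "__main__":
    for data in (56, 65510):
        frags = fragment_ping(data)
        print(f"{data} data bytes -> {len(frags)} fragments, "
              f"reassembled {reassembled_total_length(frags)} bytes, "
              f"ping of death: {is_ping_of_death(frags)}")
```

Note that every individual fragment is legal: each offset fits the 13-bit field and each fragment fits the MTU. The defect only appears at the receiver, when the last fragment's offset plus length is added up, which is why the check belongs in the reassembly code and not in any per-packet size limit.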