思科网络工程师题库1.docx

《思科网络工程师题库1.docx》由会员分享，可在线阅读，更多相关《思科网络工程师题库1.docx（61页珍藏版）》请在课桌文档上搜索。

1、CCNP/CCIESecuritySCOR思科网络工程师题库1QLlnwhichformofattackisalternateencoding,suchashexadecimalrepresentation,mostoftenobserved?A. SmurfB. distributeddenialofserviceC. cross-sitescriptingD. rootkitexploitAnswer:CExplanation:Crosssitescripting(alsoknownasXSS)occurswhenawebapplicationgathersmaliciousdatafro

2、mauser.Thedataisusuallygatheredintheformofahyperlinkwhichcontainsmaliciouscontentwithinit.Theuserwillmostlikelyclickonthislinkfromanotherwebsite,instantmessage,orsimplyjustreadingawebboardoremailmessage.UsuallytheattackerwillencodethemaliciousportionofthelinktothesiteinHEX(orotherencodingmethods)sot

3、herequestislesssuspiciouslookingtotheuserwhenclickedon.Forexamplethecodebelowiswritteninhex:ClickHereisequivalentto:ClickHereNote:Intheformat&#Xhhhh”,hhhhisthecodepointinhexadecimalform.Q2.WhichflawdoesanattackerleveragewhenexploitingSQLinjectionvulnerabilities?A. userinputvalidationinawebpageorweba

4、pplicationB. LinuxandWindowsoperatingsystemsC. databaseD. webpageimagesAnswer:AExplanation:SQLinjectionusuallyoccurswhenyouaskauserforinput,liketheirusername/userid,buttheusergives(injects)youanSQLstatementthatyouwillunknowinglyrunonyourdatabase.Forexample:Lookatthefollowingexample,whichcreatesaSELE

5、CTstatementbyaddingavariable(txtUserld)toaselectstring.Thevariableisfetchedfromuserinput(getRequestString):txtUserld=getRequestString(Userld);txtSQL=SELECT*FROMUsersWHEREUserld=+txtUserld;Ifuserentersomethinglikethis:100OR1=1thentheSQLstatementwilllooklikethis:SELECT*FROMUsersWHEREUserld=100OR1=1;Th

6、eSQLaboveisvalidandwillreturnALLrowsfromtheUserstable,sinceOR1=1isalwaysTRUE.Ahackermightgetaccesstoalltheusernamesandpasswordsinthisdatabase.Q3.WhichtwopreventiontechniquesareusedtomitigateSQLinjectionattacks?(Choosetwo)A. Checkinteger,float,orBooleanstringparameterstoensureaccuratevalues.B. Usepre

7、paredstatementsandparameterizedqueries.C. Securetheconnectionbetweenthewebandtheapptier.D. WriteSQLcodeinsteadofusingobject-relationalmappinglibraries.E. BlockSQLcodeexecutioninthewebapplicationdatabaselogin.Answer:ABQ4.Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingands

8、ocialengineeringattacks?(Choosetwo)A. Patchforcross-sitescripting.B. Performbackupstotheprivatecloud.C. Protectagainstinputvalidationandcharacterescapesintheendpoint.D. Installaspamandvirusemailfilter.E. Protectsystemswithanup-to-dateantimalwareprogram.Answer:DEExplanation:Phishingattacksarethepract

9、iceofsendingfraudulentcommunicationsthatappeartocomefromareputablesource.Itisusuallydonethroughemail.Thegoalistostealsensitivedatalikecreditcardandlogininformation,ortoinstallmalwareonthevictimsmachine.Q5.Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo)A. Enablebrowseralertsforfraudulen

10、twebsites.B. Definesecuritygroupmemberships.C. RevokeexpiredCRLofthewebsites.D. Useantispywaresoftware.E. Implementemailfilteringtechniques.Answer:AEQ6.Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo)A. Theattackisfragmentedintogroupsof16octetsbeforetransmission.B. Theattackisfra

11、gmentedintogroupsof8octetsbeforetransmission.C. ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.D. Malformedpacketsareusedtocrashsystems.E. PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.Answer:BDExplanation:PingofDeath(PoD)isatypeofDenialofService(DoS)attackinwhichana

12、ttackerattemptstocrash,destabilize,orfreezethetargetedcomputerorservicebysendingmalformedoroversizedpacketsusingasimplepingcommand.Acorrectly-formedpingpacketistypically56bytesinsize,or64byteswhentheICMPheaderisconsidered,and84includingInternetProtocolversion4header.However,anyIPv4packet(includingpi

13、ngs)maybeaslargeas65,535bytes.SomecomputersystemswereneverdesignedtoproperlyhandleapingpacketlargerthanthemaximumpacketsizebecauseitviolatestheInternetProtocoldocumentedLikeotherlargebutwell-formedpackets,apingofdeathisfragmentedintogroupsof8octetsbeforetransmission.However,whenthetargetcomputerreas

14、semblesthemalformedpacket,abufferoverflowcanoccur,causingasystemcrashandpotentiallyallowingtheinjectionofmaliciouscode.Q7Whichtwopreventivemeasuresareusedtocontrolcross-sitescripting?(Choosetwo)A. Enableclient-sidescriptsonaper-domaibasis.B. Incorporatecontextualoutputecodingescaping.C. Disablecooki

15、einspectionintheHTMLinspectionengine.D. RununtrustedHTMLinputthroughanHTMLsanitizationengine.E. SameSitecookieattributeshouldnotbeused.Answer:ABQ8.Whatisthedifferencebetweendeceptivephishingandspearphishing?A. DeceptivephishingisanattackedaimedataspecificuserintheorganizationwhoholdsaC-Ievelrole.B.

16、Aspearphishingcampaignisaimedataspecificpersonversusagroupofpeople.C. SpearphishingiswhentheattackisaimedattheC-Ievelexecutivesofanorganization.D. DeceptivephishinghijacksandmanipulatestheDNSserverofthevictimandredirectstheusertoafalsewebpage.Explanation:Indeceptivephishing,fraudstersimpersonatealeg

17、itimatecompanyinanattempttostealpeoplespersonaldataorlogincredentials.Thoseemailsfrequentlyusethreatsandasenseofurgencytoscareusersintodoingwhattheattackerswant.Spearphishingiscarefullydesignedtogetasinglerecipienttorespond.Criminalsselectanindividualtargetwithinanorganization,usingsocialmediaandoth

18、erpublicinformationandcraftafakeemailtailoredforthatperson.Q9.WhichattackiscommonlyassociatedwithCandC+programminglanguages?A. cross-sitescriptingB. waterholingC. DDoSD. bufferoverflowAnswer:DExplanation:Abufferoverflow(orbufferoverrun)occurswhenthevolumeofdataexceedsthestoragecapacityofthememorybuf

19、fer.Asaresult,theprogramattemptingtowritethedatatothebufferoverwritesadjacentmemorylocations.BufferoverflowisavulnerabilityinlowlevelcodesofCandC+.Anattackercancausetheprogramtocrash,makedatacorrupt,stealsomeprivateinformationorrunhis/herowncode.Itbasicallymeanstoaccessanybufferoutsideofitsallotedme

20、moryspace.Thishappensquitefrequentlyinthecaseofarrays.Q10.WhatisalanguageformatdesignedtoexchangethreatintelligencethatcanbetransportedovertheTAXIIprotocol?A. STIXB. XMPPC. pGridD. SMTPAnSWe匚AExplanation:TAXII(TrustedAutomatedExchangeofIndicatorInformation)isastandardthatprovidesatransportmechanism(

21、dataexchange)ofcyberthreatintelligenceinformationinSTIX(StructuredThreatInformationeXpression)format.Inotherwords,TAXIIserverscanbeusedtoauthorandexchangeSTIXdocumentsamongparticipants.STIX(StructuredThreatInformationeXpression)isastandardizedlanguagewhichhasbeendevelopedinacollaborativewayinorderto

22、representstructuredinformationaboutcyberthreats.Ithasbeendevelopedsoitcanbeshared,stored,andothen*viseusedinaconsistentmannerthatfacilitatesautomationandhumanassistedanalysis.Qll.WhichtwocapabilitiesdoesTAXIIsupport?(Choosetwo)A. ExchangeB. PullmessagingC. BindingD. CorrelationE. MitigatingAnswer:BC

23、Explanation:TheTrustedAutomatedeXchangeofIndicatorInformation(TAXII)specifiesmechanismsforexchangingstructuredcyberthreatinformationbetweenpartiesoverthenetwork.TAXIIexiststoprovidespecificcapabilitiestothoseinterestedinsharingstructuredcyberthreatinformation.TAXIICapabilitiesarethehighestlevelatwhi

24、chTAXIIactionscanbedescribed.TherearethreecapabilitiesthatthisversionofTAXIIsupports:pushmessaging,pullmessaging,anddiscovery.Althoughthereisnobindingcapabilityinthelistbutitisthebestanswerhere.Q12,Whichtworisksisacompanyvulnerabletoifitdoesnothaveawell-establishedpatchingsolutionforendpoints?(Choos

25、etwo)A. exploitsB. ARPspoofingC. deial-of-serviceattacksD. malwareE. eavesdroppingAnswer:ADExplanation:Malwaremeansmalicioussoftware,isanysoftwareintentionallydesignedtocausedamagetoacomputer,server,client,orcomputernetwork.Themostpopulartypesofmalwareincludesviruses,ransomwareandspyware.VirusPossib

26、lythemostcommontypeofmalware,virusesattachtheirmaliciouscodetocleancodeandwaittoberun.Ransomwareismalicioussoftwarethatinfectsyourcomputeranddisplaysmessagesdemandingafeetobepaidinorderforyoursystemtoworkagain.Spywareisspyingsoftwarethatcansecretlyrecordeverythingyouenter,upload,download,andstoreony

27、ourcomputersormobiledevices.Spywarealwaystriestokeepitselfhidden.Anexploitisacodethattakesadvantageofasoftwarevulnerabilityorsecurityflaw.Exploitsandmalwarearetworisksforendpointsthatarenotuptodate.ARPspoofingandeavesdroppingareattacksagainstthenetworkwhiledenial-of-serviceattackisbasedontheflooding

28、ofIPpackets.Q13.WhichPKIenrollmentmethodallowstheusertoseparateauthenticationandenrollmentactionsandalsoprovidesanoptiontospecifyHTTP/TFTPcommandstoperformfileretrievalfromtheserver?A.urlB. terminalC. profileD. selfsignedAnswer:CExplanation:Atrustpointenrollmentmode,whichalsodefinesthetrustpointauth

29、enticationmode,canbeperformedvia3mainmethods:1. TerminalEnrollmentmanualmethodofperformingtrustpointauthenticationandcertificateenrolmentusingcopy-pasteintheCUterminal.2. SCEPEnrollmentTrustpointauthenticationandenrollmentusingSCEPoverHTTP.3. EnrollmentProfileHere,authenticationandenrollmentmethodsa

30、redefinedseparately.AlongwithterminalandSCEPenrollmentmethods,enrollmentprofilesprovideanoptiontospecifyHTTPT11PcommandstoperformfileretrievalfromtheServer,whichisdefinedusinganauthenticationorenrollmenturlundertheprofile.Reference:httpscenussupportdocssecurity-vpnpublic-key-infrastructure-pki211333

31、-IOS-PKI-Deployment-Guide-lnitial-Design.htmlQ14.Whataretworootkittypes?(Choosetwo)A. registryB. virtualC. bootloaderD. usermodeE. buffermodeAnswer:CDExplanation:ThetermrootkitoriginallycomesfromtheUnixworld,wherethewordroot,isusedtodescribeauserwiththehighestpossiblelevelofaccessprivileges,similart

32、oanAdministratorinWindows.Thewordkit,referstothesoftwarethatgrantsroot-levelaccesstothemachine.Putthetwotogetherandyougetrootkit,aprogramthatgivessomeonewithlegitimateormaliciousintentionsprivilegedaccesstoacomputer.Therearefourmaintypesofrootkits:Kernelrootkits,Usermoderootkits,Bootloaderrootkits,M

33、emoryrootkitsQ15.Whichformofattackislaunchedusingbotnets?A.日DDoSB. virusC. DDOSD. TCPfloodAnswer:CExplanation:Abotnetisacollectionofinternet-connecteddevicesinfectedbymalwarethatallowhackerstocontrolthem.Cybercriminalsusebotnetstoinstigatebotnetattacks,whichincludemaliciousactivitiessuchascredential

34、sleaks,unauthorizedaccess,datatheftandDDoSattacks.Q16.Whichthreatinvolvessoftwarebeingusedtogainunauthorizedaccesstoacomputersystem?A. virusB. NTPamplificationC. pingofdeathD. HTTPfloodAnswer:AQ17.Whichtypeofattackissocialengineering?A. trojanB. phishingC. malwareD. MITMAnswer:BExplanation:Phishingi

35、saformofsocialengineering.Phishingattacksuseemailormaliciouswebsitestosolicitpersonal,oftenfinancial,information.Attackersmaysendemailseeminglyfromareputablecreditcardcompanyorfinancialinstitutionthatrequestsaccountinformation,oftensuggestingthatthereisaproblem.Q18.Whichtwokeyandblocksizesarevalidfo

36、rAES?(Choosetwo)A. 64-bitblocksize,112-bitkeylengthB. 64-bitblocksize,168-bitkeylengthC. 128-bitblocksize,192-bitkeylengthD. 128-bitblocksize,256-bitkeylengthE. 192-bitblocksize,256-bitkeylengthAnswer:CDExplanation:TheAESencryptionalgorithmencryptsanddecryptsdatainblocksof128bits(blocksize).Itcandot

37、hisusing128-bit,192-bit,or256-bitkeys.Q19.WhichtwodescriptionsofAESencryptionaretrue?(Choosetwo)A. AESislesssecurethan3DES.B. AESismoresecurethan3DES.C. AEScanusea168-bitkeyforencryption.D. AEScanusea256-bitkeyforencryption.E. AESencryptsanddecryptsakeythreetimesinsequence.Answer:BDQ20.Whichalgorith

38、mprovidesencryptionandauthenticationfordataplanecommunication?A. AES-GCMB. SHA-96C. AES-256D. SHA-384Answer:AExplanation:Thedataplaneofanynetworkisresponsibleforhandlingdatapacketsthataretransportedacrossthenetwork.(Thedataplaneisalsosometimescalledtheforwardingplane.)MaybethisQwantstoaskabouttheenc

39、ryptionandauthenticationinthedataplaneofaSD-WANnetwork(butSD-WANisnotatopicoftheSCOR350-701exam?).IntheCiscoSD-WANnetworkforunicasttraffic,dataplaneencryptionisdonebyAES-256-GCM,asymmetric-keyalgorithmthatusesthesamekeytoencryptoutgoingpacketsandtodecryptincomingpackets.Eachrouterperiodicallygenerat

40、esanAESkeyforitsdatapath(specifically,onekeyperTLOC)andtransmitsthiskeytothevSmartcontrollerinOMProutepackets,whicharesimilartoIProuteupdates.Reference:httpscenustddocsrouterssdwanconfigurationsecurityvedgesecurity-book/security-overview.htmlQ21.Ellipticcurvecryptographyisastrongermoreefficientcrypt

41、ographymethodmeanttoreplacewhichcurrentencryptiontechnology?A. 3DESB. RSAC. DESD. AESAnswer:BExplanation:ComparedtoRSA1theprevalentpublic-keycryptographyoftheInternettoday,EllipticCurveCryptography(ECC)offerssmallerkeysizes,fastercomputation,aswellasmemory,energyandbandwidthsavingsandisthusbettersui

42、tedforsmalldevices.Q22.WhatistheresultofrunningthecryptoisakmpkeyciscXXXXXXXXaddress172.16.0.0command?A. authenticatestheIKEv2peersinthe172.16.0.0/16rangebyusingthekeyciscXXXXXXXXB. authenticatestheIPaddressofthe172.16.0.0/32peerbyusingthekeyciscXXXXXXXXC. authenticatestheIKEvlpeersinthe172.16.0.0/1

43、6rangebyusingthekeyciscXXXXXXXXD. securesallthecertificatesintheIKEexchangebyusingthekeyciscXXXXXXXXAnswer:BExplanation:Thesyntaxofabovecommandis:cryptoisakmpkeyenc-type-digitkeystringaddresspeer-addressmaskipv6ipv6-addressipv6-prefixhostnamehostnameo-xauthThepeer-addressargumentspecifiestheIPorIPv6

44、addressoftheremotepeer.Reference:httpscenustddocsios-mliossecurityalsec-al-cr-booksec-cr-c4.html#wp6039879Q23.WhichtechnologymustbeusedtoimplementsecureVPNconnectivityamongcompanybranchesoveraprivateIPcloudwithany-to-anyscalableconnectivity?A. DMVPNB. FIexVPNC. IPsecDVTID. GETVPNAnswer:DExplanation:

45、CiscosGroupEncryptedTransportVPN(GETVPN)introducestheconceptofatrustedgrouptoeliminatepoint-to-pointtunnelsandtheirassociatedoverlayrouting.Allgroupmembers(GMs)shareacommonsecurityassociation(SA),alsoknownasagroupSA.ThisenablesGMstodecrypttrafficthatwasencryptedbyanyotherGM.GETVPNprovidesinstantaneo

46、uslarge-scaleany-to-anyIPconnectivityusingagroupIPsecsecurityparadigm.Reference:httpscdamenusproductscollateralsecuritygroup-encrypted-transport-vpn/GETVPN_DIG_version_2_0_External.pdfQ24.WhichtwoconditionsareprerequisitesforstatefulfailoverforIPsec?(Choosetwo)A. OnlytheIKEconfigurationthatissetupon

47、theactivedevicemustbeduplicatedonthestandbydevice;theIPsecconfigurationiscopiedautomaticallyB. TheactiveandstandbydevicescanrundifferentversionsoftheCiscoIOSsoftwarebutmustbethesametypeofdevice.C. TheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydeviceD. OnlytheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice;theIKEconfigurationiscopiedautomatically.E. Theactiveandstandbyde