Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Cisco Implementing and Operating Security Core Technologies 350-701 Dumps in PDF

Free Cisco 350-701 Real Questions (page: 30)

350-701 PDF — 727 Questions

How is DNS tunneling used to exfiltrate data out of a corporate network?

  1. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
  2. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
  3. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
  4. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Answer(s): B

Explanation:

Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.

An example of DNS Tunneling is shown below:



The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNS nameserver (NS) and malicious payload.
2. An IP address (e.g. 1.2.3.4) is allocated from the attacker's infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS

record mapped to 1.2.3.4
3. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,...).
4. The payload initiates thousands of unique DNS record requests to the attacker's domain with each string as a part of the domain name (e.g. 3KJ242AIE9.attackerdomain.com). Depending on the attacker's patience and stealth, requests can be spaced out over days or months to avoid suspicious network activity.
5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver,
6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data.


Reference:

https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0



Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
(Choose two)

  1. Outgoing traffic is allowed so users can communicate with outside organizations.
  2. Malware infects the messenger application on the user endpoint to send company data.
  3. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
  4. An exposed API for the messaging platform is used to send large amounts of data.
  5. Messenger applications cannot be segmented with standard network controls

Answer(s): C,E



Which Cisco AMP file disposition valid?

  1. pristine
  2. malware
  3. dirty
  4. non malicious

Answer(s): B



When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

  1. Spero analysis
  2. dynamic analysis
  3. sandbox analysis
  4. malware analysis

Answer(s): B

Explanation:

Spero analysis examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud. Based on the Spero signature, the Spero engine determines whether the file is malware.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guidev60/Reference_a_wrapper_Chapter_topic_here.html
-> Spero analysis only uploads the signature of the (executable) files to the AMP cloud. It does not upload the whole file. Dynamic analysis sends files to AMP ThreatGrid. Dynamic Analysis submits (the whole) files to Cisco Threat Grid (formerly AMP Threat Grid). Cisco Threat
Grid runs the file in a sandbox environment, analyzes the file's behavior to determine whether the file is malicious, and returns a threat score that indicates the likelihood that a file contains malware. From the threat score, you can view a dynamic analysis summary report with the reasons for the assigned threat score. You can also look in Cisco Threat Grid to view detailed reports for files that your organization submitted, as well as scrubbed reports with limited data for files that your organization did not submit. Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco
Talos Security Intelligence and Research Group (Talos). Because local analysis does not query the

AMP cloud,
and does not run the file, local malware analysis saves time and system resources. -> Malware analysis does not upload files to anywhere, it only checks the files locally. There is no sandbox analysis feature, it is just a method of dynamic analysis that runs suspicious files in a virtual machine.



Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

  1. cloud web services
  2. network AMP
  3. private cloud
  4. public cloud

Answer(s): C



PDF
Viewing page 30 of 123

Share your comments for Cisco 350-701 exam with other users:

R
Rita Rony
11/27/2023 1:36:00 PM

nice, first step to exams

Anonymous
A
Aloke Paul
9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...

CHINA
C
Calbert Francis
1/15/2024 8:19:00 PM

great exam for people taking 220-1101

UNITED STATES
A
Ayushi Baria
11/7/2023 7:44:00 AM

this is very helpfull for me

Anonymous
A
alma
8/25/2023 1:20:00 PM

just started preparing for the exam

UNITED KINGDOM
C
CW
7/10/2023 6:46:00 PM

these are the type of questions i need.

UNITED STATES
N
Nobody
8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?

Anonymous
S
Salah
7/23/2023 9:46:00 AM

thanks for providing these questions

Anonymous
R
Ritu
9/15/2023 5:55:00 AM

interesting

CANADA
R
Ron
5/30/2023 8:33:00 AM

these dumps are pretty good.

Anonymous
S
Sowl
8/10/2023 6:22:00 PM

good questions

UNITED STATES
B
Blessious Phiri
8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database

Anonymous
R
Richard
10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.

Anonymous
J
Janjua
5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps

GERMANY
M
Matt
12/30/2023 11:18:00 AM

if only explanations were provided...

FRANCE
R
Rasha
6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me

Anonymous
A
Anonymous
7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?

SPAIN
A
AJ
9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions

Anonymous
P
peter parker
8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?

Anonymous
B
Berihun
7/13/2023 7:29:00 AM

all questions are so important and covers all ccna modules

Anonymous
N
nspk
1/19/2024 12:53:00 AM

q 44. ans:- b (goto setup > order settings > select enable optional price books for orders) reference link --> https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/sfom_impl_b2b_b2b2c.pdf(decide whether you want to enable the optional price books feature. if so, select enable optional price books for orders. you can use orders in salesforce while managing price books in an external platform. if you’re using d2c commerce, you must select enable optional price books for orders.)

Anonymous
M
Muhammad Rawish Siddiqui
12/2/2023 5:28:00 AM

"cost of replacing data if it were lost" is also correct.

SAUDI ARABIA
A
Anonymous
7/14/2023 3:17:00 AM

pls upload the questions

UNITED STATES
M
Mukesh
7/10/2023 4:14:00 PM

good questions

UNITED KINGDOM
E
Elie Abou Chrouch
12/11/2023 3:38:00 AM

question 182 - correct answer is d. ethernet frame length is 64 - 1518b. length of user data containing is that frame: 46 - 1500b.

Anonymous
D
Damien
9/23/2023 8:37:00 AM

i need this exam pls

Anonymous
N
Nani
9/10/2023 12:02:00 PM

its required for me, please make it enable to access. thanks

UNITED STATES
E
ethiopia
8/2/2023 2:18:00 AM

seems good..

ETHIOPIA
W
whoAreWeReally
12/19/2023 8:29:00 PM

took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.

EUROPEAN UNION
V
vs
9/2/2023 12:19:00 PM

no comments

Anonymous
J
john adenu
11/14/2023 11:02:00 AM

nice questions bring out the best in you.

Anonymous
O
Osman
11/21/2023 2:27:00 PM

really helpful

Anonymous
E
Edward
9/13/2023 5:27:00 PM

question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you

CANADA
M
Monti
5/24/2023 11:14:00 PM

iam thankful for these exam dumps questions, i would not have passed without this exam dumps.

UNITED STATES
AI Tutor 👋 I’m here to help!