350-701 Exam Questions

Total 626 Questions

Last Updated Exam : 16-Dec-2024

Topic 2: Exam Pool B

What are two characteristics of Cisco DNA Center APIs? (Choose two)


A.

Postman is required to utilize Cisco DNA Center API calls.


B.

They do not support Python scripts.


C.

They are Cisco proprietary.


D.

They quickly provision new devices


E.

They view the overall health of the network





D.
  

They quickly provision new devices



E.
  

They view the overall health of the network



Which Dos attack uses fragmented packets to crash a target machine?


A.

smurf


B.

MITM


C.

teardrop


D.

LAND





C.
  

teardrop



A teardrop attack is a denial-of-service (DoS)
attack that involves sending fragmented packets to a targetmachine. Since the machine
receiving such packets cannot reassemble them due to a bug in TCP/IPfragmentation
reassembly, the packets overlap one another, crashing the target network device. This
generally happens on older operating systems such as Windows 3.1x, Windows 95,
Windows NT and versions of the Linux kernel prior to 2.1.63.

Which RADIUS attribute can you use to filter MAB requests in an 802.1 x deployment?


A.

1


B.

2


C.

6


D.

31





C.
  

6



https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identitybased-networkingservices/config_guide_c17-663759.html

Which attack type attempts to shut down a machine or network so that users are not able
to access it?


A.

smurf


B.

bluesnarfing


C.

MAC spoofing


D.

IP spoofing





A.
  

smurf



Denial-of-service (DDoS) aims at shutting down a
network or service, causing it to be inaccessible to itsintended users.The Smurf attack is a
DDoS attack in which large numbers of Internet Control Message Protocol (ICMP)packets
with the intended victim’s spoofed source IP are broadcast to a computer network using an
IPbroadcast address.

In an IaaS cloud services model, which security function is the provider responsible for
managing?


A.

Internet proxy


B.

firewalling virtual machines


C.

CASB


D.

hypervisor OS hardening





B.
  

firewalling virtual machines



In this IaaS model, cloud providers offer resources to
users/machines that include computers as virtualmachines, raw (block) storage, firewalls
, load balancers, and network devices.Note: Cloud access security broker (CASB) provides
visibility and compliance checks, protects data against misuse and exfiltration, and
provides threat protections against malware such as ransomware.

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?


A.

SNMP


B.

SMTP


C.

syslog


D.

model-driven telemetry





D.
  

model-driven telemetry



https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide

Which algorithm provides asymmetric encryption?


A.

RC4


B.

AES


C.

RSA


D.

3DES





C.
  

RSA



Which two cryptographic algorithms are used with IPsec? (Choose two)


A.

AES-BAC


B.

AES-ABC


C.

HMAC-SHA1/SHA2


D.

Triple AMC-CBC


E.

AES-CBC





C.
  

HMAC-SHA1/SHA2



E.
  

AES-CBC



Cryptographic algorithms defined for use with
IPsec include:+ HMAC-SHA1/SHA2 for integrity protection and authenticity.+ TripleDESCBC
for confidentiality+ AES-CBC and AES-CTR for confidentiality.+ AES-GCM and
ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.

Which two behavioral patterns characterize a ping of death attack? (Choose two)


A.

The attack is fragmented into groups of 16 octets before transmission.


B.

The attack is fragmented into groups of 8 octets before transmission.


C.

Short synchronized bursts of traffic are used to disrupt TCP connections.


D.

Malformed packets are used to crash systems.


E.

Publicly accessible DNS servers are typically used to execute the attack.





B.
  

The attack is fragmented into groups of 8 octets before transmission.



D.
  

Malformed packets are used to crash systems.



ExplanationPing of Death (PoD) is a type of Denial of Service (DoS) attack in
which an attacker attempts to crash,destabilize, or freeze the targeted computer or service
by sending malformed or oversized packets using a simple ping command.A correctlyformed
ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is
considered,and 84 including Internet Protocol version 4 header. However, any IPv4 packet
(including pings) may be as large as 65,535 bytes. Some computer systems were never
designed to properly handle a ping packet larger than the maximum packet size because it
violates the Internet Protocol documentedLike other large but well-formed packets, a ping
of death is fragmented into groups of 8 octets beforetransmission. However, when the
target computer reassembles the malformed packet, a buffer overflow can occur, causing a
system crash and potentially allowing the injection of malicious code.

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?


A.

TCP 6514


B.

UDP 1700


C.

TCP 49


D.

UDP 1812





B.
  

UDP 1700



CoA Messages are sent on two different udp ports depending on the platform. Cisco standardizes on UDP port1700, while the actual RFC calls out using UDP port 3799.


Page 4 out of 63 Pages
Previous