[CISCO] 350-701 - CCNP Security (SCOR) Exam Dumps & Study Guide
The Implementing and Operating Cisco Security Core Technologies (SCOR) 350-701 certification is the foundational core exam for several prestigious Cisco certifications, including the CCNP Security and the CCIE Security. As cyber threats become more sophisticated and prevalent, the ability to implement and manage robust, scalable, and secure network infrastructures has become a highly sought-after skill. The 350-701 validates your core knowledge of network security, including infrastructure, cloud, and content security. It is an essential milestone for any security professional looking to advance their career and prove their technical mastery.
Overview of the Exam
The 350-701 exam is a rigorous assessment that covers the core technologies required to implement and operate a Cisco security solution. It is a 120-minute exam consisting of approximately 100 questions. The exam is designed to test your knowledge of enterprise-grade security technologies and your ability to apply them to real-world scenarios. From network and cloud security to content and endpoint security, the 350-701 ensures that you have the skills necessary to protect modern network infrastructures. Achieving the 350-701 certification proves that you are a highly skilled professional who can handle the technical demands of Cisco security.
Target Audience
The 350-701 is intended for security professionals who have a solid understanding of Cisco's enterprise-grade security technologies. It is ideal for individuals in roles such as:
1. Mid-level Security Engineers
2. Security Administrators
3. Systems Engineers
4. Security Architects
To be successful, candidates should have at least three to five years of experience in enterprise-grade security and a thorough understanding of Cisco's core security platforms and features.
Key Topics Covered
The 350-701 exam is organized into six main domains:
1. Security Concepts (25%): Understanding common threats and security design principles.
2. Network Security (20%): Securing network devices, protocols, and control planes.
3. Securing the Cloud (15%): Implementing security in cloud environments and managing cloud-based threats.
4. Content Security (15%): Securing email and web traffic using technologies like ESA and WSA.
5. Endpoint Protection and Detection (10%): Implementing endpoint security solutions like AMP for Endpoints.
6. Secure Network Access, Visibility, and Enforcement (15%): Implementing AAA, VPNs, and network segmentation.
Benefits of Getting Certified
Earning the 350-701 certification provides several significant benefits. First, it offers industry recognition of your specialized expertise in Cisco's enterprise-grade security technologies. As a leader in the security industry, Cisco skills are in high demand across the globe. Second, it serves as the core requirement for several advanced certifications, allowing you to further specialize in areas like network security or cloud security. Third, it can lead to increased career opportunities and higher salary potential in a variety of roles. Fourth, it demonstrates your commitment to professional excellence and your dedication to staying current with the latest security practices.
Why Choose NotJustExam.com for Your 350-701 Prep?
The 350-701 exam is challenging and requires a deep understanding of Cisco's core security technologies. NotJustExam.com is the best resource to help you master this material. Our platform offers an extensive bank of practice questions that are designed to mirror the actual exam’s format and difficulty.
What makes NotJustExam.com stand out is our focus on interactive logic and the accuracy of our explanations. We don’t just provide a list of questions; we provide a high-quality learning experience. Every question in our bank includes an in-depth, accurate explanation that helps you understand the technical reasoning behind the correct security solutions. This ensures that you are truly learning the material and building the confidence needed to succeed on the exam. Our content is regularly updated to reflect the latest Cisco features and exam updates. With NotJustExam.com, you can approach your 350-701 exam with the assurance that comes from thorough, high-quality preparation. Start your journey toward becoming a Cisco Certified Professional today with us!
Free [CISCO] 350-701 - CCNP Security (SCOR) Practice Questions Preview
-
Question 1
Which functions of an SDN architecture require southbound APIs to enable communication?
- A. SDN controller and the network elements
- B. management console and the SDN controller
- C. management console and the cloud
- D. SDN controller and the cloud
Correct Answer:
A
Explanation:
The AI agrees with the suggested answer.
The correct answer is A. SDN controller and the network elements.
Reasoning:
Southbound APIs are crucial for SDN architecture because they enable the SDN controller to directly communicate with and manage the underlying network elements (e.g., switches, routers). This is the fundamental aspect of how an SDN controller exerts control over the data plane.
Why other options are incorrect:
- B. management console and the SDN controller: Communication between the management console and the SDN controller typically occurs through northbound APIs.
- C. management console and the cloud: This communication is not directly related to the core function of southbound APIs in SDN.
- D. SDN controller and the cloud: While the SDN controller might interact with cloud services, the primary function of southbound APIs is to manage network elements, not cloud resources.
Citations:
- What is a Southbound Interface?, https://www.sdxcentral.com/networking/sdn/definitions/southbound-interface/
-
Question 2
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
- A. put
- B. options
- C. get
- D. push
- E. connect
Correct Answer:
AC
Explanation:
The AI concurs with the suggested answer.
The correct answer is A (put) and C (get).
Reasoning:
The Cisco ASA REST API supports the GET and PUT methods for retrieving and modifying data, respectively. This aligns with standard RESTful principles.
- GET: Used to retrieve information from the ASA.
- PUT: Used to modify or update existing resources on the ASA.
Reasons for not choosing other options:
- B (options): While OPTIONS is a valid HTTP method, its use within the Cisco ASA REST API context is not commonly documented or expected for typical configuration management tasks.
- D (push): PUSH is not a standard HTTP method and is not supported by the Cisco ASA REST API.
- E (connect): CONNECT is an HTTP method used for establishing a tunnel to a server, typically for SSL proxying, and is not relevant to the Cisco ASA REST API for configuration and management.
Citations:
- Cisco ASA REST API Documentation (placeholder citation; no specific reference is given, only the index of Cisco ASA programming reference guides as an example: https://www.cisco.com/c/en/us/support/security/asa-firepower-services/products-programming-reference-guides-list.html)
-
Question 3
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
- A. SDN controller and the cloud
- B. management console and the SDN controller
- C. management console and the cloud
- D. SDN controller and the management solution
Correct Answer:
D
Explanation:
The AI agrees with the suggested answer D.
The main function of northbound APIs in the SDN architecture is to enable communication between the SDN controller and the management solution. These APIs allow network management and orchestration systems to communicate with the SDN controller to manage network resources and services. They provide a way for applications and higher-level systems to request network services and obtain information about the network state.
Reasoning: Northbound APIs are the interface between the SDN controller and the management plane, which includes tools and applications used to manage and monitor the network. They abstract the underlying network infrastructure and provide a simplified view for network operators and applications.
Reasons for not choosing other options:
- A. SDN controller and the cloud: While SDN can be used in cloud environments, the primary function of northbound APIs isn't solely focused on cloud communication. They facilitate communication with any management solution.
- B. Management console and the SDN controller: This option is partially correct, but "management solution" is a broader term that encompasses the management console, making option D more comprehensive.
- C. Management console and the cloud: Northbound APIs are about communication with the SDN controller, not direct communication between the management console and the cloud.
Citations:
- What are Northbound APIs, https://www.sdxcentral.com/networking/sdn/definitions/northbound-apis/
-
Question 4
What is a feature of the open platform capabilities of Cisco DNA Center?
- A. application adapters
- B. domain integration
- C. intent-based APIs
- D. automation adapters
Correct Answer:
C
Explanation:
The AI agrees with the suggested answer.
The correct answer is C: intent-based APIs.
Reasoning: Cisco DNA Center's open platform capabilities are largely defined by its use of intent-based APIs. These APIs allow developers and other systems to interact with Cisco DNA Center in a programmatic and policy-driven way. This enables automation, integration with other systems, and the ability to translate business intent into network configurations and policies.
Here's a breakdown of why the other options are less suitable:
- A. application adapters: While Cisco DNA Center supports integrations, the term "application adapters" is too broad and doesn't specifically highlight a core feature of its open platform capabilities. The open platform relies more on APIs for a wider range of interactions.
- B. domain integration: Domain integration is a general concept and not a specific feature of the open platform capabilities of Cisco DNA Center. While DNA Center facilitates integration across network domains, this isn't the primary aspect of its open platform.
- D. automation adapters: Similar to application adapters, "automation adapters" is too general. While DNA Center supports automation, the intent-based APIs are a more fundamental aspect of its open platform that *enables* various automation scenarios.
The key concept is that DNA Center exposes its functionalities through APIs that are designed to understand and implement "intent," which is a high-level business requirement.
Citations:
- Cisco DNA Center Platform - Cisco, https://www.cisco.com/c/en/us/solutions/enterprise-networks/dna-center-platform/index.html
-
Question 5

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
- A. create an SNMP pull mechanism for managing AMP
- B. gather network telemetry information from AMP for endpoints
- C. get the process and PID information from the computers in the network
- D. gather the network interface information about the computers AMP sees
Correct Answer:
D
Explanation:
The AI agrees with the suggested answer, which is D.
Reasoning:
The question asks what the API does when connected to a Cisco security appliance, in the context of the exhibit (which is unfortunately not provided in a way that allows for analysis). However, based on the consensus in the discussion, option D, "gather the network interface information about the computers AMP sees," is considered the correct answer. This implies that the API facilitates the collection of network interface details from endpoints monitored by AMP (Advanced Malware Protection).
It is crucial to understand the functionality of AMP and its integration with Cisco security appliances to fully grasp the rationale. AMP for Endpoints monitors endpoint activity and network traffic. An API connection could enable the security appliance to retrieve information about the network interfaces of the computers that AMP is monitoring. This could be useful for network visibility, security analysis, and incident response.
Reasons for not choosing other answers:
- A: "create an SNMP pull mechanism for managing AMP" - SNMP is a protocol for network management. While AMP might use SNMP, this answer is not the primary function of the API in relation to a Cisco security appliance.
- B: "gather network telemetry information from AMP for endpoints" - This option is similar to D, but D is slightly more specific. Gathering network interface information is a subset of telemetry.
- C: "get the process and PID information from the computers in the network" - While AMP can collect process and PID information, this is less directly related to the API's interaction with a Cisco security appliance compared to gathering network interface information.
While a definitive answer requires a detailed understanding of the exhibit (image_0.png), the community consensus and logical deduction point towards option D as the most likely correct answer.
The online consensus from Q2 2024 to Q2 2025 is that D is the answer.
It is important to acknowledge that without the exhibit, this analysis is based on assumptions and general knowledge. In a real exam scenario, careful consideration of the provided exhibit is essential.
-
Question 6
Which form of attack is launched using botnets?
- A. TCP flood
- B. DDOS
- C. DOS
- D. virus
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer.
The correct answer is B (DDOS).
Reasoning: Botnets are networks of compromised computers (bots) controlled by a single attacker (bot herder). These botnets are primarily used to launch Distributed Denial of Service (DDoS) attacks.
A DDoS attack involves overwhelming a target server or network with malicious traffic from multiple sources simultaneously, making it unavailable to legitimate users. The distributed nature of botnets makes them ideal for carrying out DDoS attacks, as the attacker can amplify the volume of traffic directed at the target.
Reasons for excluding other options:
- A. TCP flood: While TCP SYN floods can be a component of DDoS attacks, they are not exclusively launched using botnets. A single powerful machine could theoretically launch a TCP SYN flood, though botnets are often used for larger scale attacks.
- C. DOS: DOS (Denial of Service) attacks originate from a single source. Botnets are used for DDOS, not DOS attacks.
- D. virus: A virus is a type of malware that replicates itself and spreads to other computers. While a computer infected with a virus could potentially be part of a botnet, a virus itself is not a form of attack launched using botnets. The botnet is the delivery mechanism, and the DDoS attack is the payload.
Citations:
- DDoS Attacks, Cloudflare, https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
-
Question 7
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
- A. smurf
- B. distributed denial of service
- C. cross-site scripting
- D. rootkit exploit
Correct Answer:
C
Explanation:
The AI agrees with the suggested answer.
The most appropriate answer is C: cross-site scripting.
Reasoning: Cross-site scripting (XSS) attacks involve injecting malicious scripts into websites, which are then executed by unsuspecting users. Attackers often use alternate encoding techniques, such as hexadecimal representation, to obfuscate their code and bypass security filters that might detect obvious malicious patterns. This makes alternate encoding a common characteristic of XSS attacks.
Why other options are incorrect:
- A. smurf: A Smurf attack is a type of distributed denial-of-service (DDoS) attack that floods a target network with ICMP echo requests (ping) packets. It does not typically involve alternate encoding.
- B. distributed denial of service: While DDoS attacks aim to overwhelm a target with traffic, alternate encoding is not a primary characteristic of these attacks themselves. The individual packets in a DDoS attack might, in some cases, use encoding to evade detection, but it is not the defining feature.
- D. rootkit exploit: Rootkits are designed to hide malicious software or processes on a system. While encoding might be used in some aspects of delivering or concealing a rootkit, it is not the most commonly observed characteristic directly associated with the exploit itself.
- Suggested Answer: C
- Reason: XSS attacks use malicious code injected into a web page viewed by other users, and this code can be obfuscated using hexadecimal encoding to evade detection.
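The defensive consequence of the point above is that a filter must canonicalize input before matching, otherwise the same tag written as percent-encoding, an HTML numeric entity or a JavaScript hex escape slips past a check on the literal string. The following is an added example, not code from the study guide: a small normalizer that decodes those encodings repeatedly until the text stops changing, with constructed sample strings (the `SAMPLES` names and the `normalize` and `*_filter_hits` functions are this example's own).

```python
import html
import re
from urllib.parse import unquote

# Constructed sample inputs (not from the page): the same script tag in
# several encodings, plus one benign string containing angle brackets.
SAMPLES = {
    "plain": "<script>alert(1)</script>",
    "percent": "%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
    "double_percent": "%253Cscript%253E",
    "html_hex_entity": "&#x3C;script&#x3E;",
    "html_dec_entity": "&#60;script&#62;",
    "js_hex_escape": "\\x3cscript\\x3e",
    "benign": "5 < 6 and 6 > 5",
}

_JS_HEX = re.compile(r"\\x([0-9A-Fa-f]{2})")    # \x3c style escapes
_JS_UNI = re.compile(r"\\u([0-9A-Fa-f]{4})")    # \u003c style escapes

def decode_once(s):
    # One pass over the encodings a browser or server would undo anyway.
    s = unquote(s)                                  # %3C -> <
    s = html.unescape(s)                            # &#x3C; &#60; &lt; -> <
    s = _JS_HEX.sub(lambda m: chr(int(m.group(1), 16)), s)
    s = _JS_UNI.sub(lambda m: chr(int(m.group(1), 16)), s)
    return s

def normalize(s, max_rounds=5):
    # Decode until the string is stable (catches double encoding), with a
    # bound so pathological input cannot keep the loop busy forever.
    for _ in range(max_rounds):
        decoded = decode_once(s)
        if decoded == s:
            return s
        s = decoded
    return s

_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

def naive_filter_hits(s):
    # A filter that matches only the literal text: misses encoded forms.
    return bool(_TAG.search(s))

def normalized_filter_hits(s):
    # The same pattern applied after canonicalization.
    return bool(_TAG.search(normalize(s)))

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:16} naive={naive_filter_hits(value)!s:5} "
              f"normalized={normalized_filter_hits(value)}")
```

The decoded-then-matched result is what a WSA-style content filter or a WAF is doing when it reports an encoded payload that the raw string would not have matched.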
-
Question 8
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
- A. user input validation in a web page or web application
- B. Linux and Windows operating systems
- C. database
- D. web page images
Correct Answer:
A
Explanation:
The suggested answer is A.
The primary flaw exploited in SQL injection vulnerabilities is the lack of proper user input validation in web pages or web applications. When user input is not validated, an attacker can inject malicious SQL code into the input fields, which is then executed by the database. This allows the attacker to potentially read, modify, or delete data in the database.
Here's a detailed breakdown:
- Why A is correct: SQL injection occurs because the application doesn't properly sanitize or validate user-supplied input before using it in an SQL query. This allows an attacker to insert arbitrary SQL code into the query, thus manipulating the database.
- Why B is incorrect: While operating systems can have vulnerabilities, SQL injection is specifically related to how web applications handle database queries and user inputs, not a general OS flaw.
- Why C is incorrect: The database itself is not the flaw. The vulnerability arises from how the application interacts with the database, specifically in how it constructs and executes SQL queries based on user input.
- Why D is incorrect: Web page images are not directly related to SQL injection vulnerabilities. SQL injection targets the database interaction layer, not the image display mechanism of a web page.
Citations:
- OWASP, SQL Injection, https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A1-Injection
- Acunetix, What is SQL Injection?, https://www.acunetix.com/websitesecurity/sql-injection/
-
Question 9
What is the difference between deceptive phishing and spear phishing?
- A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
- B. A spear phishing campaign is aimed at a specific person versus a group of people.
- C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
- D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer: B.
Reasoning: Spear phishing is a targeted attack aimed at a specific individual or group, making the message highly personalized and difficult to detect. This contrasts with deceptive phishing, which is more general.
Why other options are incorrect:
- A is incorrect because it describes whaling, not deceptive phishing.
- C is incorrect because it describes whaling, not spear phishing. While spear phishing can target executives, it is not exclusively aimed at them.
- D is incorrect because it describes DNS poisoning or pharming, not deceptive phishing.
Therefore, option B accurately describes the difference between deceptive phishing and spear phishing.
-
Question 10
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
- A. The attack is fragmented into groups of 16 octets before transmission.
- B. The attack is fragmented into groups of 8 octets before transmission.
- C. Short synchronized bursts of traffic are used to disrupt TCP connections.
- D. Malformed packets are used to crash systems.
- E. Publicly accessible DNS servers are typically used to execute the attack.
Correct Answer:
BD
Explanation:
The AI agrees with the suggested answer of B and D.
The reasons for choosing this answer are:
- B is correct because a Ping of Death attack involves sending an IP packet larger than the maximum allowed size (65,535 bytes) by fragmenting it into smaller 8-octet pieces. When the destination host reassembles these fragments, a buffer overflow can occur, leading to a system crash.
- D is correct because Ping of Death attacks use malformed packets. These packets are crafted in such a way that they exploit vulnerabilities in the target system's network stack, causing it to crash or become unstable when it tries to process them.
The reasons for not choosing the other answers are:
- A is incorrect because while fragmentation is involved, the fragmentation is related to exceeding the maximum packet size, not specifically 16 octets. The fragmentation occurs to bypass size restrictions, leading to reassembly issues.
- C is incorrect because short synchronized bursts of traffic disrupting TCP connections are more characteristic of SYN flood attacks or other types of denial-of-service attacks, not Ping of Death.
- E is incorrect because publicly accessible DNS servers are typically used in DNS amplification attacks, not Ping of Death attacks.
The attack works by exploiting vulnerabilities in how systems handle oversized ICMP (ping) packets. By sending a packet larger than the maximum allowed size, attackers can cause a buffer overflow when the receiving system tries to reassemble the fragmented packet, leading to a system crash or denial of service.
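The check a vulnerable stack lacked is simple to state: before copying a fragment into the reassembly buffer, confirm that fragment offset (carried in 8-octet units) plus the fragment's data length does not exceed 65,535. The following is an added example, not code from the study guide: it builds minimal IPv4 fragment headers as constructed test data, parses the offset and length fields, and applies that bound before any buffer would be touched (all function names, addresses and sample sizes are this example's own).

```python
import struct

IPV4_MAX = 65535      # largest total length an IPv4 datagram may have
FRAG_UNIT = 8         # the fragment offset field counts 8-octet blocks
_HDR = "!BBHHHBBH4s4s"   # minimal 20-byte IPv4 header layout

def make_fragment(ident, offset_blocks, payload_len, more_fragments):
    # Constructed test header (not a real capture); checksum left at zero
    # because this example only inspects length and offset fields.
    version_ihl = (4 << 4) | 5
    total_length = 20 + payload_len
    flags_frag = ((1 if more_fragments else 0) << 13) | offset_blocks
    return struct.pack(_HDR, version_ihl, 0, total_length, ident, flags_frag,
                       64, 1, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def parse_fragment(hdr):
    (version_ihl, _, total_length, ident, flags_frag,
     _, proto, _, _, _) = struct.unpack(_HDR, hdr[:20])
    ihl = (version_ihl & 0x0F) * 4
    return {
        "id": ident,
        "proto": proto,                               # 1 = ICMP
        "more": bool(flags_frag & 0x2000),            # MF flag
        "offset": (flags_frag & 0x1FFF) * FRAG_UNIT,  # in octets
        "payload_len": total_length - ihl,
    }

def reassembled_end(frag):
    # Highest byte position this fragment would occupy after reassembly.
    return frag["offset"] + frag["payload_len"]

def check_fragments(headers):
    # Returns (ok, reason). Rejects any fragment whose data would land past
    # the IPv4 limit; this is the bound a ping-of-death-vulnerable
    # reassembler skipped before writing into a fixed-size buffer.
    max_end = 0
    for hdr in headers:
        frag = parse_fragment(hdr)
        end = reassembled_end(frag)
        if end > IPV4_MAX:
            return False, (f"fragment id={frag['id']} offset={frag['offset']} "
                           f"ends at {end} > {IPV4_MAX}")
        max_end = max(max_end, end)
    return True, f"largest reassembled size {max_end}"

# Constructed cases: a normal 1,500-byte ping split in two fragments, and a
# series whose final fragment would reassemble to 8189*8 + 1480 = 66,992 bytes.
NORMAL = [make_fragment(1, 0, 1480, True), make_fragment(1, 185, 20, False)]
OVERSIZED = [make_fragment(2, 0, 1480, True),
             make_fragment(2, 8189, 1480, False)]

if __name__ == "__main__":
    print("normal:   ", check_fragments(NORMAL))
    print("oversized:", check_fragments(OVERSIZED))
```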