CCNP/CCIE Security SCOR Cisco Network Engineer Question Bank 1

Q1. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. Smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit
Answer: C
Explanation:
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. For example the code below is written in hex: Click Here is equivalent to: Click Here
Note: In the format hhhh, hhhh is the code point in hexadecimal form.

Q2. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
Answer: A
Explanation:
SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives (injects) you an SQL statement that you will unknowingly run on your database. For example, look at the following code, which creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):

    txtUserId = getRequestString("UserId");
    txtSQL = "SELECT * FROM Users WHERE Userid = " + txtUserId;

If the user enters something like 100 OR 1=1, then the SQL statement will look like this:

    SELECT * FROM Users WHERE Userid = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the Users table, since OR 1=1 is always TRUE. A hacker might get access to all the user names and passwords in this database.

Q3. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
Answer: AB

Q4. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)
A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimalware program.
Answer: DE
Explanation:
Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

Q5. Which two mechanisms are used to control phishing attacks? (Choose two)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.
Answer: AE

Q6. Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
Answer: BD
Explanation:
Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

Q7. Which two preventive measures are used to control cross-site scripting? (Choose two)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
Answer: AB

Q8. What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Answer: B
Explanation:
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people's personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information, and craft a fake email tailored for that person.

Q9. Which attack is commonly associated with C and C++ programming languages?
A. cross-site scripting
B. water holing
C. DDoS
D. buffer overflow
Answer: D
Explanation:
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. Buffer overflow is a vulnerability in low-level code written in C and C++. An attacker can cause the program to crash, corrupt data, steal some private information or run his/her own code. It basically means accessing any buffer outside of its allotted memory space. This happens quite frequently in the case of arrays.

Q10. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
Answer: A
Explanation:
TAXII (Trusted Automated Exchange of Indicator Information) is a standard that provides a transport mechanism (data exchange) of cyber threat intelligence information in STIX (Structured Threat Information eXpression) format. In other words, TAXII servers can be used to author and exchange STIX documents among participants. STIX (Structured Threat Information eXpression) is a standardized language which has been developed in a collaborative way in order to represent structured information about cyber threats. It has been developed so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation and human assisted analysis.

Q11. Which two capabilities does TAXII support? (Choose two)
A. Exchange
B. Pull messaging
C. Binding
D. Correlation
E. Mitigating
Answer: BC
Explanation:
The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network. TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information. TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery. Although there is no binding capability in the list, it is the best answer here.

Q12. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
A. exploits
B. ARP spoofing
C. denial-of-service attacks
D. malware
E. eavesdropping
Answer: AD
Explanation:
Malware, meaning malicious software, is any software intentionally designed to cause damage to a computer, server, client, or computer network. The most popular types of malware include viruses, ransomware and spyware.
Virus: Possibly the most common type of malware, viruses attach their malicious code to clean code and wait to be run.
Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.
Spyware is spying software that can secretly record everything you enter, upload, download, and store on your computers or mobile devices. Spyware always tries to keep itself hidden.
An exploit is code that takes advantage of a software vulnerability or security flaw. Exploits and malware are two risks for endpoints that are not up to date. ARP spoofing and eavesdropping are attacks against the network, while a denial-of-service attack is based on the flooding of IP packets.

Q13. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. url
B. terminal
C. profile
D. selfsigned
Answer: C
Explanation:
A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be performed via 3 main methods:
1. Terminal Enrollment - manual method of performing trustpoint authentication and certificate enrollment using copy-paste in the CLI terminal.
2. SCEP Enrollment - Trustpoint authentication and enrollment using SCEP over HTTP.
3. Enrollment Profile - Here, authentication and enrollment methods are defined separately. Along with terminal and SCEP enrollment methods, enrollment profiles provide an option to specify HTTP/TFTP commands to perform file retrieval from the Server, which is defined using an authentication or enrollment url under the profile.
Reference: https:/ S-PKI-D eployment-Guide-lnitial-Design.html

Q14. What are two rootkit types? (Choose two)
A. registry
B. virtual
C. bootloader
D. user mode
E. buffer mode
Answer: CD
Explanation:
The term "rootkit" originally comes from the Unix world, where the word "root" is used to describe a user with the highest possible level of access privileges, similar to an Administrator in Windows. The word "kit" refers to the software that grants root-level access to the machine. Put the two together and you get "rootkit", a program that gives someone with legitimate or malicious intentions privileged access to a computer. There are four main types of rootkits: Kernel rootkits, User mode rootkits, Bootloader rootkits, Memory rootkits.

Q15. Which form of attack is launched using botnets?
A. 日 DDOS
B. virus
C. DDOS
D. TCP flood
Answer: C
Explanation:
A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credentials leaks, unauthorized access, data theft and DDoS attacks.

Q16. Which threat involves software being used to gain unauthorized access to a computer system?
A. virus
B. NTP amplification
C. ping of death
D. HTTP flood
Answer: A

Q17. Which type of attack is social engineering?
A. trojan
B. phishing
C. malware
D. MITM
Answer: B
Explanation:
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.

Q18. Which two key and block sizes are valid for AES? (Choose two)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
Answer: CD
Explanation:
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits (block size). It can do this using 128-bit, 192-bit, or 256-bit keys.

Q19. Which two descriptions of AES encryption are true? (Choose two)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
Answer: BD

Q20. Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
Answer: A
Explanation:
The data plane of any network is responsible for handling data packets that are transported across the network. (The data plane is also sometimes called the forwarding plane.) Maybe this question wants to ask about the encryption and authentication in the data plane of an SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?). In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.
Reference: httpsy/ ecurity-overview.html

Q21. Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?
A. 3DES
B. RSA
C. DES
D. AES
Answer: B
Explanation:
Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation, as well as memory, energy and bandwidth savings and is thus better suited for small devices.

Q22. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
Answer: B
Explanation:
The syntax of the above command is:

    crypto isakmp key enc-type-digit keystring {address peer-address [mask] | ipv6 ipv6-address/ipv6-prefix | hostname hostname} [no-xauth]

The peer-address argument specifies the IP or IPv6 address of the remote peer.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp6039879

Q23. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN
Answer: D
Explanation:
Cisco's Group Encrypted Transport VPN (GETVPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) sha