350-701 Free Practice Test

- (Exam Topic 2)
Refer to the exhibit.

Which type of authentication is in use?

1. A. LDAP authentication for Microsoft Outlook
2. B. POP3 authentication
3. C. SMTP relay server authentication
4. D. external user and relay mail authentication

Correct Answer: A
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118844-technoteesa-00.htmlThe exhibit in this Qshows a successful TLS connection from the remote host (reception) in the mail log.

- (Exam Topic 3)
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

1. A. IEEE
2. B. IETF
3. C. NIST
4. D. ANSI

Correct Answer: B

- (Exam Topic 2)
What is the difference between Cross-site Scripting and SQL Injection, attacks?

1. A. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
2. B. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
3. C. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
4. D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Correct Answer: A
Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.Answer C is not correct because the statement “Cross-site Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side vulnerability that targets other application users.Answer D is not correct because the statement “Cross-site Scripting is an attack where code is executed from the server side”. In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client’s side.Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites whereattackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POSTparameters.Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

- (Exam Topic 3)
How does Cisco Umbrella protect clients when they operate outside of the corporate network?

1. A. by modifying the registry for DNS lookups
2. B. by using Active Directory group policies to enforce Cisco Umbrella DNS servers
3. C. by using the Cisco Umbrella roaming client
4. D. by forcing DNS queries to the corporate name servers

Correct Answer: C

- (Exam Topic 3)
Refer to the exhibit.

Consider that any feature of DNS requests, such as the length off the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?

1. A. Spectre Worm
2. B. Eternal Blue Windows
3. C. Heartbleed SSL Bug
4. D. W32/AutoRun worm

Correct Answer: D