Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free Cisco® 350-701 Exam Questions (page: 48)

Page 30 of 153
PDF with 612 Questions

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

  1. interpacket variation
  2. software package variation
  3. flow insight variation
  4. process details variation

Answer(s): A

Explanation:

The telemetry information consists of three types of data:
+ Flow information: This information contains details about endpoints, protocols, ports, when the flow started,
how long the flow was active, etc.
+ Interpacket variation: This information captures any interpacket variations within the flow.
Examples include variation in Time To Live (TTL), IP and TCP flags, payload length, etc + Context details: Context information is derived outside the packet header. It includes details about variation in buffer utilization, packet drops within a flow, association with tunnel endpoints, etc.


Reference:

https://www.cisco.com/c/dam/global/en_uk/products/switches/ cisco_nexus_9300_ex_platform_switches_white_paper_uki.pdf



How is ICMP used an exfiltration technique?

  1. by flooding the destination host with unreachable packets
  2. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address
  3. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
  4. by overwhelming a targeted host with ICMP echo-request packets

Answer(s): C



Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

  1. DNS tunneling
  2. DNSCrypt
  3. DNS security
  4. DNSSEC

Answer(s): A

Explanation:

DNS Tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS
queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS
server and used to control a remote server and applications.



How is DNS tunneling used to exfiltrate data out of a corporate network?

  1. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
  2. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
  3. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
  4. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Answer(s): B

Explanation:

Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.

An example of DNS Tunneling is shown below:



The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNS nameserver (NS) and malicious payload.
2. An IP address (e.g. 1.2.3.4) is allocated from the attacker's infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS

record mapped to 1.2.3.4
3. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,...).
4. The payload initiates thousands of unique DNS record requests to the attacker's domain with each string as a part of the domain name (e.g. 3KJ242AIE9.attackerdomain.com). Depending on the attacker's patience and stealth, requests can be spaced out over days or months to avoid suspicious network activity.
5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver,
6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data.


Reference:

https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0



Viewing page 48 of 153



Post your Comments and Discuss Cisco® 350-701 exam prep with other Community members:

350-701 Exam Discussions & Posts