Free 350-701 Exam Braindumps (page: 63)

Page 63 of 153

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  1. file access from a different user
  2. interesting file access
  3. user login suspicious behavior
  4. privilege escalation

Answer(s): C

Explanation:

The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.


Reference:

https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/whitepaper-c11-740380.html



Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

  1. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
  2. Use EEM to have the ports return to service automatically in less than 300 seconds.
  3. Enter the shutdown and no shutdown commands on the interfaces.
  4. Enable the snmp-server enable traps command and wait 300 seconds
  5. Ensure that interfaces are configured with the error-disable detection and recovery feature

Answer(s): C,E

Explanation:

You can also bring up the port by using these commands:
+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.
+ The "errdisable recovery cause ..." global configuration command enables the timer to automatically recover from the error-disabled state, and the "errdisable recovery interval <interval>" global configuration command specifies the time to recover from the error-disabled state.



What is the difference between Cross-site Scripting and SQL Injection attacks?

  1. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
  2. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
  3. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
  4. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Answer(s): A

Explanation:

Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.
Answer C is not correct because the statement "Cross-site Scripting is when executives in a corporation are attacked" is not true. XSS is a client-side vulnerability that targets other application users.
Answer D is not correct because the statement "Cross-site Scripting is an attack where code is executed from the server side" is not true. In fact, XSS is a method that exploits a website vulnerability by injecting scripts that will run on the client side.
Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them.
In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.
Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.



A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network.
Where should the administrator begin troubleshooting to verify the authentication details?

  1. Adaptive Network Control Policy List
  2. Context Visibility
  3. Accounting Reports
  4. RADIUS Live Logs

Answer(s): D

Explanation:

How To Troubleshoot ISE Failed Authentications & Authorizations
Check the ISE Live Logs
+ Log in to the primary ISE Policy Administration Node (PAN).
+ Go to Operations > RADIUS > Live Logs
+ (Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications
Check for Any Failed Authentication Attempts in the Log


Reference:

https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failed-authenticationsamp/ta-p/3630960






Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES