Cisco Updated 350-701 Exam Questions and Answers by shanaya

Explanation

Explanation

You can also monitor on-premises networks in your organizations using Cisco Stealthwatch Cloud. In order to do so, you need to deploy at least one Cisco Stealthwatch Cloud Sensor appliance (virtual or physical appliance).

A SQL injection attack is a type of attack that exploits a vulnerability in a web application that uses user-supplied data to construct SQL statements that interact with a database. By inserting malicious commands into the database, an attacker can execute arbitrary SQL queries or commands on the database server, which may result in data theft, data manipulation, or command execution. Machine 1 is vulnerable to SQL injection because it does not properly validate or sanitize the user input before using it in a SQL statement. Therefore, inserting malicious commands into the database would allow the attacker to gain access to machine 1.

A buffer overflow attack is a type of attack that exploits a vulnerability in a program that does not check the boundaries of a buffer (a temporary storage area for data) before copying data into it. By overflowing the buffer’s memory, an attacker can overwrite adjacent memory locations, which may result in corrupting data, crashing the program, or executing malicious code. Machine 2 is vulnerable to buffer overflow because it does not properly handle the size or length of the data that it receives from the user or another source. Therefore, overflowing the buffer’s memory would allow the attacker to gain access to machine 2.

Sniffing the packets between the two hosts is a passive attack that involves capturing and analyzing the network traffic that flows between the two machines. This attack may reveal sensitive information, such as credentials, session tokens, or database queries, but it does not directly allow the attacker to gain access to either machine. Sending continuous pings is a type of denial-of-service attack that involves flooding the target machine with ICMP echo request packets, which may consume its network bandwidth or processing resources, but it does not directly allow the attacker to gain access to either machine. Therefore, neither sniffing the packets nor sending continuous pings would allow the attacker to gain access to machine 1 but not machine 2. References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Web Security, SQL Injection Attacks

Understanding SQL Injection - Cisco, SQL Injection Explained

Buffer Overflow and SQL Injection: To Remotely Attack and … - Springer, Buffer Overflow and SQL Injection Attacks

Using an Internet browser to access cloud-based service creates the risk of insecure implementation of API. API stands for Application Programming Interface, which is a set of rules and protocols that allow different applications or services to communicate and exchange data. API is often used to access cloud-based service, such as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS). However, if the API is not implemented securely, it can expose sensitive data or allow unauthorized access to the cloud service. For example, an API may not use encryption, authentication, or authorization mechanisms to protect the data in transit or at rest. An API may also have vulnerabilities such as injection, broken authentication, or insufficient logging and monitoring, which can be exploited by attackers to compromise the cloud service or the user’s browser. Therefore, it is important to follow the best practices and standards for secure API development and testing, such as OWASP API Security Top 10. References:

1: Implementing and Operating Cisco Security Core Technologies (SCOR) - Cisco

2: 350-701 SCOR - Cisco

3: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

4: 12 Cloud Security Issues: Risks, Threats & Challenges - CrowdStrike

5: 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud - SEI Blog

6: Remote Browser Isolation Protects Users from Threats - Cisco Umbrella

7: Which risk is created when using an Internet browser to access cloud-based service?

8: Browser in the Cloud: The Evolution of Secure Browsing - Leostream

[9]: OWASP API Security Top 10 2023

Cisco Umbrella groups harmful destinations into categories of security threat, such as Malware, Command Control Callbacks, Phishing Attacks, Dynamic DNS, Potentially Harmful Domains, DNS Tunneling VPN, and Cryptomining1. When web policies are configured in Cisco Umbrella, the security category blocking provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats. By enabling or disabling these categories, the administrator can control the identity access to these destinations and protect the network from malicious traffic2. References: 1: Security Categories - Umbrella User Guide 2: Manage Security Settings - Umbrella User Guide