[Security Concepts]
Which two capabilities does TAXII support? (Choose two)
A,B
Explanation:
The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network.
TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information.
TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery.
Although there is no “binding” capability in the list, it is the best answer here.
[Security Concepts]
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
A,D
Explanation:
Malware, meaning “malicious software”, is any software intentionally designed to cause damage to a computer, server, client, or computer network. The most popular types of malware include viruses, ransomware and spyware.
Virus: Possibly the most common type of malware, viruses attach their malicious code to clean code and wait to be run.
Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.
Spyware is spying software that can secretly record everything you enter, upload, download, and store on your computers or mobile devices. Spyware always tries to keep itself hidden.
An exploit is code that takes advantage of a software vulnerability or security flaw.
Exploits and malware are two risks for endpoints that are not up to date. ARP spoofing and eavesdropping are attacks against the network, while a denial-of-service attack is based on the flooding of IP packets.
[Secure Network Access, Visibility, and Enforcement]
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
C
Explanation:
A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be performed via 3 main methods:
1. Terminal Enrollment – manual method of performing trustpoint authentication and certificate enrollment using copy-paste in the CLI terminal.
2. SCEP Enrollment – trustpoint authentication and enrollment using SCEP over HTTP.
3. Enrollment Profile – here, authentication and enrollment methods are defined separately. Along with terminal and SCEP enrollment methods, enrollment profiles provide an option to specify HTTP/TFTP commands to perform file retrieval from the server, which is defined using an authentication or enrollment URL under the profile.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html
[Security Concepts]
What are two rootkit types? (Choose two)
C,D
Explanation:
The term ‘rootkit’ originally comes from the Unix world, where the word ‘root’ is used to describe a user with the highest possible level of access privileges, similar to an ‘Administrator’ in Windows. The word ‘kit’ refers to the software that grants root-level access to the machine. Put the two together and you get ‘rootkit’, a program that gives someone – with legitimate or malicious intentions – privileged access to a computer.
There are four main types of rootkits: kernel rootkits, user mode rootkits, bootloader rootkits, and memory rootkits.
[Security Concepts]
Which form of attack is launched using botnets?
C
Explanation:
A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.
Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credential leaks, unauthorized access, data theft and DDoS attacks.
[Security Concepts]
Which threat involves software being used to gain unauthorized access to a computer system?
A
Explanation:
A virus is a type of malware that infects a computer system by attaching itself to another program or file. Once executed, the virus can replicate itself and spread to other files or systems. A virus can be used to gain unauthorized access to a computer system by exploiting software vulnerabilities, stealing credentials, or installing backdoors. A virus can also cause damage to the system by deleting, modifying, or encrypting data, or consuming system resources. According to the Implementing and Operating Cisco Security Core Technologies (SCOR) course, viruses are one of the most common forms of malware and can be classified into different types based on their behavior, such as boot sector viruses, file infectors, macro viruses, or polymorphic viruses [1].
Reference: [1] Implementing and Operating Cisco Security Core Technologies (SCOR) course, Module 1: Malware Analysis, Lesson 1: Malware Types and Characteristics, Topic: Virus.
[Security Concepts]
Which type of attack is social engineering?
B
Explanation:
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.
[Security Concepts]
Which two key and block sizes are valid for AES? (Choose two)
C,D
Explanation:
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits (block size). It can do this using 128-bit, 192-bit, or 256-bit keys.
[Security Concepts]
Which two descriptions of AES encryption are true? (Choose two)
B,D
Explanation:
AES encryption is a symmetric block cipher algorithm that uses a single key to encrypt and decrypt data. It is more secure than 3DES, which is an older and slower algorithm that encrypts and decrypts a key three times in sequence. AES can use different key sizes, such as 128, 192, or 256 bits, depending on the security level required. The longer the key, the more rounds of encryption and decryption are performed, making it harder to break. AES encryption is based on a substitution-permutation network, which consists of a series of operations that transform the input data into the output data using the key.
Reference:
https://www.simplilearn.com/tutorials/cryptography-tutorial/aes-encryption
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[Secure Network Access, Visibility, and Enforcement]
Which algorithm provides encryption and authentication for data plane communication?
A
Explanation:
The data plane of any network is responsible for handling data packets that are transported across the network. (The data plane is also sometimes called the forwarding plane.)
Maybe this question wants to ask about the encryption and authentication in the data plane of an SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?).
In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.
Reference:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html