Cisco 350-701 Exam Dumps & Practice Test Questions

Question 1:

In a Software-Defined Networking (SDN) setup, which components communicate using southbound APIs?

A. SDN controller and the network elements
B. Management console and the SDN controller
C. Management console and the cloud
D. SDN controller and the cloud

Answer: A

Explanation:

Software-Defined Networking (SDN) separates the control plane, which makes network decisions, from the data plane, which forwards traffic. The central piece of the control plane is the SDN controller, which manages and programs the underlying network devices like switches and routers. Communication between the SDN controller and these network elements happens through what are called southbound APIs.

Southbound APIs are specialized interfaces that allow the SDN controller to send configuration commands, policies, and instructions directly to network hardware in the data plane. Examples of such APIs include OpenFlow and NETCONF. These APIs facilitate the controller’s ability to dynamically manage and modify the behavior of physical network devices in real-time, allowing for flexibility and centralized control.

On the other hand, northbound APIs handle communication between the SDN controller and higher-level systems, such as network management consoles, orchestration tools, or cloud platforms. These APIs enable applications and administrators to interact with the SDN controller for tasks like network analytics, policy definition, and automation, but they do not directly control the hardware devices.

Option A correctly identifies the pair of components connected via southbound APIs — the SDN controller and network elements. The other options involve either management consoles or cloud platforms, which use northbound APIs to communicate with the SDN controller, not southbound ones.

In summary, southbound APIs are crucial for the SDN controller’s direct interaction with the network devices, enabling efficient, programmable network management at the hardware level. This design is what differentiates SDN from traditional networking, allowing for better network agility and centralized control.

Question 2:

Which two HTTP methods are supported for interacting with the Cisco ASA REST API? (Select two.)

A. PUT
B. OPTIONS
C. GET
D. PUSH
E. CONNECT

Answer: A, C

Explanation:

The Cisco ASA (Adaptive Security Appliance) uses a REST API to allow programmatic access for managing firewall configurations, VPN settings, and other security features. REST APIs are built on HTTP methods, which define the kind of operations that can be performed on resources exposed by the API.

Two important HTTP methods supported by Cisco ASA’s REST API are GET and PUT:

  • GET is used to request data from the ASA device. This method retrieves information such as current firewall rules, status of VPN tunnels, or system health metrics. Since GET is a read-only operation, it does not modify the device’s configuration but simply provides a snapshot of the current state. This method is essential for monitoring and auditing purposes.

  • PUT is used to update existing resources or create new configurations on the ASA device. For example, you might use PUT to change firewall policies, update IP address assignments, or modify access rules. PUT is a write operation that changes the system state and allows administrators to automate configuration management effectively.

Other options like OPTIONS, PUSH, and CONNECT are not typically used or supported for direct interaction with the ASA REST API. OPTIONS is used for discovering supported methods but doesn’t manipulate resources. PUSH is not a standard HTTP method, and CONNECT is used for proxy connections, which are unrelated to RESTful resource manipulation.

By supporting GET and PUT, the Cisco ASA REST API provides a balanced set of operations for securely retrieving information and modifying configurations, enabling automation and integration into larger network management frameworks.

Question 3:

In Software-Defined Networking (SDN) architecture, what is the main role of northbound APIs? Specifically, which two network components do they enable communication between?

A. SDN controller and the cloud
B. Management console and the SDN controller
C. Management console and the cloud
D. SDN controller and the management solution

Answer: B

Explanation:

In an SDN architecture, the network is divided into distinct layers or planes: the data plane, control plane, and application plane. The SDN controller resides in the control plane and manages the data plane, which consists of network devices such as switches and routers. The application plane consists of higher-level management or orchestration tools, often presented through a management console.

Northbound APIs are the interfaces that connect the SDN controller to these higher-level applications, such as a management console or orchestration platforms. They enable these applications to communicate with the controller to retrieve network state information, send configuration commands, and automate network management tasks. This means that administrators and applications can programmatically control network policies, traffic flows, and monitoring through these APIs.

Thus, the primary function of northbound APIs is to facilitate communication between the management console and the SDN controller, allowing network administrators to configure and monitor the network in a centralized and automated manner.

Other options are less accurate because:

  • Option A suggests a direct interface between the SDN controller and the cloud, which is not the typical role of northbound APIs. Cloud integration might exist but is outside the northbound API scope.

  • Option C incorrectly pairs the management console directly with the cloud, bypassing the controller.

  • Option D, while close, is less precise because the term “management console” better captures the user-facing interface, which uses the northbound APIs to communicate with the controller.

Overall, northbound APIs are essential for the programmability and flexibility of SDN, enabling automation and centralized control.

Question 4:

Which feature best exemplifies the open platform capabilities of Cisco DNA Center?

A. Application adapters
B. Domain integration
C. Intent-based APIs
D. Automation adapters

Answer: C

Explanation:

Cisco DNA Center is a leading network management platform designed to automate and simplify network operations through a software-driven approach. One of its key strengths is its open platform capabilities, which allow integration, automation, and customization via APIs.

Among these capabilities, intent-based APIs stand out as the foundational feature. Intent-based networking means that administrators express their desired outcomes (intents) rather than manually configuring every device. These APIs let users specify high-level policies and goals, such as network segmentation or performance parameters. Cisco DNA Center then automatically translates these intents into low-level device configurations, policies, and monitoring rules, ensuring that the network’s state matches the administrator’s goals.

Intent-based APIs facilitate automation and orchestration, reducing manual errors and speeding up deployment. They also provide programmability, allowing third-party tools or custom applications to integrate tightly with Cisco DNA Center.

Other options are related but not as central:

  • Application adapters connect external applications but do not fundamentally define Cisco DNA Center’s open platform.

  • Domain integration deals with connecting different network domains (e.g., campus, branch) but isn’t the core open platform feature.

  • Automation adapters support automation but are more specific components, whereas intent-based APIs provide the broad programmable interface necessary for comprehensive network automation.

In summary, intent-based APIs are the cornerstone of Cisco DNA Center’s open platform, enabling IT teams to move from manual device management to high-level, automated network control that aligns with business objectives.

Question 5:

Based on the provided diagram, what is the primary function of the API when it interacts with a Cisco security appliance?

A. It implements an SNMP pull system to manage Cisco Advanced Malware Protection (AMP).
B. It collects telemetry data from Cisco AMP for endpoints.
C. It retrieves process and PID details from networked computers.
D. It gathers network interface details from the computers monitored by Cisco AMP.

Correct Answer: B

Explanation:

When an API integrates with a Cisco security appliance like Cisco Advanced Malware Protection (AMP) for Endpoints, its main role is to facilitate data exchange between the security device and external systems such as security dashboards, management platforms, or SIEMs. The API enables these systems to extract vital telemetry information, which includes endpoint status, threat details, and behavioral insights.

Option A is incorrect because SNMP (Simple Network Management Protocol) is traditionally used for monitoring network devices like routers and switches, rather than endpoint security solutions like Cisco AMP. SNMP’s pull mechanism does not typically apply to AMP’s API communications.

Option B is correct since the API’s core purpose in Cisco AMP for Endpoints is to collect telemetry data from protected devices. This telemetry can include data on files, processes, network behaviors, and detected threats. The API allows security teams to gain real-time insights into endpoint activities and security events, enhancing threat detection and incident response capabilities.

Option C is partially related but not fully accurate. While AMP can track processes and PIDs on endpoints, the API generally handles a broader range of telemetry data beyond just these details. The API’s scope is more comprehensive than simply fetching process-level information.

Option D is incorrect because while network interface data may be part of the endpoint’s overall profile, the API’s main focus is on security telemetry rather than detailed network interface metrics alone.

In summary, the API’s key role is to collect network telemetry information from Cisco AMP for endpoints, enabling enhanced visibility and proactive security management.

Question 6:

Which kind of cyberattack is most commonly executed using a network of compromised devices known as a botnet?

A. TCP Flood
B. Distributed Denial of Service (DDoS)
C. Denial of Service (DoS)
D. Virus

Correct Answer: B

Explanation:

A botnet consists of numerous compromised devices (bots or zombies) that an attacker controls, often without the device owners' awareness. This network of hijacked devices is frequently employed to conduct large-scale cyberattacks, with Distributed Denial of Service (DDoS) being the most prevalent.

Option A, TCP Flood, is a specific type of DoS attack involving overwhelming a server with TCP packets. While botnets can launch TCP floods, this attack type is just one variant within the broader category of DDoS attacks. Therefore, TCP flood is more of a subset than the typical primary use of botnets.

Option B is correct because a Distributed Denial of Service attack involves overwhelming a target system with a massive volume of traffic from multiple sources. Botnets enable attackers to amplify the scale and complexity of these attacks by sending traffic from hundreds or thousands of infected devices simultaneously. This distributed nature makes DDoS attacks harder to defend against compared to single-source attacks.

Option C, Denial of Service (DoS), generally refers to attacks originating from a single device or source. While botnets can perform DoS attacks, their power lies in distribution, which is what differentiates DDoS from DoS.

Option D, Virus, refers to malicious software designed to replicate and spread. Viruses can be used to build botnets by infecting devices, but the virus itself is not an attack type; rather, it’s a method of infection.

In conclusion, botnets are predominantly used to execute Distributed Denial of Service (DDoS) attacks, leveraging many compromised devices to disrupt services and overwhelm targets on a large scale.

Question 7:

Which kind of cyberattack commonly involves the use of alternate encoding techniques, such as hexadecimal representation, to evade detection?

A. Smurf
B. Distributed Denial of Service (DDoS)
C. Cross-Site Scripting (XSS)
D. Rootkit Exploit

Answer: C

Explanation:

The attack that frequently uses alternate encoding methods like hexadecimal to bypass security filters is Cross-Site Scripting (XSS). XSS is a vulnerability found in web applications where an attacker injects malicious scripts into web pages that other users view. These scripts can steal session cookies, deface web content, or redirect users to malicious sites. To avoid detection by security tools such as web application firewalls or input validation filters, attackers often encode their payloads in alternate formats, including hexadecimal, Unicode, or URL encoding.

This encoding helps obfuscate the malicious code, making it harder for security systems to identify and block the threat. For example, encoding the characters of a script tag in hexadecimal means the filter won't see the recognizable "<script>" keyword, allowing the payload to slip through and execute in a victim’s browser.

In contrast, the other options do not commonly use this encoding approach. Smurf attacks (A) are a type of Denial of Service (DoS) that floods a network with ICMP packets using a spoofed source IP. They focus on overwhelming targets with traffic rather than code obfuscation. Distributed Denial of Service (DDoS) (B) also floods targets with traffic but doesn't rely on encoding payloads. Rootkit exploits (D) focus on stealthy malware installation to maintain privileged access and generally do not depend on alternate text encoding methods like hexadecimal.

Thus, XSS stands out because it actively uses encoding to trick web defenses and inject harmful scripts into web applications, making option C the correct choice.
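The filter-evasion point above, shown from the defender's side as an added example (not part of the original question set): a keyword filter that inspects raw input misses hex-encoded forms of the script tag, while one that decodes to a stable form first catches them. All function names and sample strings are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

SCRIPT_TAG = re.compile(r"<\s*script", re.IGNORECASE)

def naive_filter_blocks(value: str) -> bool:
    """Match on the raw input only, as a simple keyword filter would."""
    return bool(SCRIPT_TAG.search(value))

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Undo URL (%XX hex) and HTML entity encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value
        value = decoded
    raise ValueError("input still changing after max_rounds decodes")

def normalizing_filter_blocks(value: str) -> bool:
    """Inspect the canonical form; treat excessive nesting as a block."""
    try:
        return bool(SCRIPT_TAG.search(canonicalize(value)))
    except ValueError:
        return True

def render_safe(value: str) -> str:
    """Output encoding: the browser displays the text instead of parsing it as markup."""
    return html.escape(value)

# Constructed sample inputs (not taken from real traffic).
SAMPLES = {
    "plain": "<script>alert(1)</script>",
    "url_hex": "%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "html_hex_entity": "&#x3c;script&#x3e;alert(1)&#x3c;/script&#x3e;",
    "double_url": "%253Cscript%253Ealert(1)%253C%252Fscript%253E",
    "benign": "Price is 5%20off for <b>members</b>",
}

def compare() -> dict:
    """Return {sample name: (naive filter blocks?, normalizing filter blocks?)}."""
    return {
        name: (naive_filter_blocks(v), normalizing_filter_blocks(v))
        for name, v in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (naive, normalized) in compare().items():
        print(f"{name:16} naive={naive!s:5} normalizing={normalized}")
```

Filtering of this kind is a detection layer; encoding on output, as in `render_safe`, is what keeps injected text from being parsed as script.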

Question 8:

What fundamental vulnerability do attackers exploit when performing SQL injection attacks on websites or web applications?

A. Lack of proper user input validation
B. Security flaws in operating systems like Linux or Windows
C. Weaknesses within the database software itself
D. Issues related to image files on web pages

Answer: A

Explanation:

SQL injection attacks exploit a critical weakness in web applications—insufficient validation or sanitization of user input before it is included in database queries. This vulnerability allows attackers to insert malicious SQL commands into input fields, such as login forms, search bars, or URL parameters. When the application directly incorporates these inputs into SQL statements without proper checks, the database executes the attacker’s code, potentially exposing or modifying sensitive data.

Proper user input validation ensures that only expected, safe data is passed to SQL queries, preventing malicious commands from executing. For example, without validation, an attacker might enter ' OR 1=1 -- in a login form, which could trick the database into granting access by manipulating the query logic to always return true.

While the database itself (C) can have weaknesses, SQL injection primarily targets the way applications build queries, not the database software’s internal flaws. Operating system vulnerabilities (B) and issues with images on web pages (D) are unrelated to how SQL injection works.

In summary, SQL injection arises because the application fails to treat user input as untrusted data, enabling attackers to control backend queries. The cornerstone of preventing SQL injection is robust input validation and parameterized queries. Therefore, option A correctly identifies the exploited weakness.
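The login case described above, as an added example (not part of the original question set): the same check written with string concatenation and with a parameterized query, run against an in-memory SQLite database. The table, account, function names and username rule are constructed for illustration.

```python
import re
import sqlite3

def make_db() -> sqlite3.Connection:
    """Build a constructed one-row user table (a real system stores password hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, username: str, password: str) -> bool:
    """'Before' version: user input is concatenated into the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '" + username +
        "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    """Hardened version: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

# Allow-list validation as a second layer; the permitted character set is an assumption.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def valid_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None

def demo() -> dict:
    db = make_db()
    injected = "' OR 1=1 --"  # the input quoted in the explanation above
    return {
        "vulnerable_injected": login_vulnerable(db, injected, "x"),
        "parameterized_injected": login_parameterized(db, injected, "x"),
        "parameterized_legit": login_parameterized(db, "alice", "correct-horse"),
        "validation_injected": valid_username(injected),
        "validation_legit": valid_username("alice"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24} {result}")
```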

Question 9:

How does spear phishing differ fundamentally from deceptive phishing?

A. Deceptive phishing targets a specific executive in an organization.
B. Spear phishing is directed at a single individual instead of multiple targets.
C. Spear phishing attacks focus exclusively on C-level executives.
D. Deceptive phishing involves DNS hijacking to redirect victims to fraudulent websites.

Correct Answer: B

Explanation:

Phishing is a widespread cyberattack technique where attackers try to trick victims into revealing sensitive information such as passwords or financial data. Among the various types of phishing, deceptive phishing and spear phishing are commonly discussed due to their differing targeting approaches.

Deceptive phishing is a broad attack strategy. It usually involves sending generic, mass emails to a large audience, often pretending to be from trusted entities like banks or online services. These emails aim to deceive recipients into clicking malicious links or submitting credentials on fake websites. Because deceptive phishing targets many people at once, the messages tend to be impersonal and generic.

In contrast, spear phishing is a highly targeted form of phishing. Attackers focus on a particular individual or organization and craft personalized messages that often include specific details about the victim, making the deception more believable. This method increases the chances that the victim will fall for the scam. Spear phishing is frequently aimed at valuable targets such as company executives, employees with access to confidential data, or IT personnel.

The key difference is that spear phishing zeroes in on a specific person or a small group with tailored content, whereas deceptive phishing broadly targets large numbers of people with generic messages.

Option B correctly highlights this fundamental distinction: spear phishing attacks focus on individual targets, making them more sophisticated and potentially more dangerous.

Options A and C incorrectly narrow the scope of deceptive phishing or spear phishing to executives only, which is not universally true. Option D confuses phishing techniques with DNS hijacking, which is a different type of attack altogether.

Question 10:

Which two features best describe the nature of a Ping of Death (PoD) attack? (Select two)

A. The attack fragments data into 16-octet segments before sending.
B. The attack fragments data into 8-octet segments before sending.
C. It sends short bursts of traffic that disrupt TCP connections.
D. It uses malformed packets designed to crash the target system.
E. It commonly exploits publicly accessible DNS servers to launch the attack.

Correct Answers: D, C

Explanation:

A Ping of Death (PoD) is a classic Denial of Service (DoS) attack that exploits vulnerabilities in the way certain operating systems process ICMP (Internet Control Message Protocol) echo request packets, commonly known as "ping" packets.

In this attack, the attacker sends malformed or oversized ICMP packets that exceed the target system’s buffer capacity. Because many systems expect ICMP packets of a certain size, receiving one that is excessively large or improperly formatted causes the system to crash, freeze, or reboot. This is why malformed packets designed to crash systems (D) are a defining characteristic of the Ping of Death.

Additionally, the attacker often sends these packets in short bursts (C) to overwhelm the target’s ability to maintain normal TCP connections. These bursts flood the network, causing service disruptions and making the system unavailable to legitimate users.

Options A and B reference fragment sizes (octets), but these specific fragmentation details are not characteristic or necessary conditions of Ping of Death attacks. Rather, PoD focuses on malformed packets, not particular fragment sizes.

Option E incorrectly associates the attack with publicly accessible DNS servers, which is more relevant to DNS amplification or reflection attacks, not Ping of Death.

Thus, the critical features that define a Ping of Death attack are its use of malformed ICMP packets to crash systems and the tactic of sending bursts of traffic to disrupt normal TCP connections.
