- Email support@dumps4free.com
Topic 2: Exam Pool B
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?
(Choose two)
A.
SDP
B.
LDAP
C.
subordinate CA
D.
SCP
E.
HTTP
LDAP
HTTP
Under which two circumstances is a CoA issued? (Choose two)
A.
A new authentication rule was added to the policy on the Policy Service node.
B.
An endpoint is deleted on the Identity Service Engine server.
C.
A new Identity Source Sequence is created and referenced in the authentication policy
D.
An endpoint is profiled for the first time.
E.
A new Identity Service Engine server is added to the deployment with the Administration persona
An endpoint is deleted on the Identity Service Engine server.
An endpoint is profiled for the first time.
ExplanationThe profiling service issues the change of authorization in the
following cases:– Endpoint deleted—When an endpoint is deleted from the Endpoints
page and the endpoint is disconnectedor removed from the network.An exception action is
configured—If you have an exception action configured per profile that leads to anunusual
or an unacceptable event from that endpoint. The profiling service moves the endpoint to
thecorresponding static profile by issuing a CoA.– An endpoint is profiled for the first
time—When an endpoint is not statically assigned and profiled for the first time; for
example, the profile changes from an unknown to a known profile.+ An endpoint identity
group has changed—When an endpoint is added or removed from an endpoint identity
group that is used by an authorization policy.The profiling service issues a CoA when there
is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-
1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
What is a function of 3DES in reference to cryptography?
A.
It hashes files
B.
It creates one-time use passwords.
C.
It encrypts traffic
D.
It generates private keys
It encrypts traffic
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
A.
Nexus
B.
Stealthwatch
C.
Firepower
D.
Tetration
Tetration
What is the difference between Cross-site Scripting and SQL Injection, attacks?
A.
Cross-site Scripting is an attack where code is injected into a database, whereas SQL
Injection is an attack where code is injected into a browser.
B.
Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social
engineering attack.
C.
Cross-site Scripting is when executives in a corporation are attacked, whereas SQL
Injection is when a
database is manipulated.
D.
Cross-site Scripting is an attack where code is executed from the server side, whereas
SQL Injection is an attack where code is executed from the client side.
Cross-site Scripting is an attack where code is injected into a database, whereas SQL
Injection is an attack where code is injected into a browser.
Answer B is not correct because Cross-site Scripting (XSS) is
not a brute force attack.Answer C is not correct because the statement “Cross-site
Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side
vulnerability that targets other application users.Answer D is not correct because the
statement “Cross-site Scripting is an attack where code is executed from the server side”.
In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run
at client’s side.Therefore only answer A is left. In XSS, an attacker will try to inject his
malicious code (usually malicious links) into a database. When other users follow his links,
their web browsers are redirected to websites whereattackers can steal data from them. In
a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies,
or HTTP headers that do not use data sanitizing or validation methods of
GET/POSTparameters.Note: The main difference between a SQL and XSS injection attack
is that SQL injection attacks are used to steal information from databases whereas XSS
attacks are used to redirect users to websites where attackers can steal data from them.
| Page 33 out of 126 Pages |
| Previous |