Cisco 350-701 SCOR Practice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 01 2026

All questions are working fine.

All Questions (299)bookmarkBookmarked (0)

All299Show all accessible questions in this exam.Missed299Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 21

How does DNS Tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the client's system and install malware on it.

C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

D. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

Question 22

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. unencrypted links for traffic

B. weak passwords for authentication

C. improper file security

D. software bugs on applications

Question 23

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood

B. slowloris

C. phishing

D. pharming

Question 24

Which two preventive measures are used to control cross-site scripting? (Choose two.)

Select all that apply

A. Enable client-side scripts on a per-domain basis.

B. Incorporate contextual output encoding/escaping.

C. Disable cookie inspection in the HTML inspection engine.

D. Run untrusted HTML input through an HTML sanitization engine.

E. SameSite cookie attribute should not be used.

Question 25

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death

B. HTTP flood

C. NTP amplification

D. virus

Question 26

Which two capabilities does TAXII support? (Choose two.)

Question 27

DRAG DROP -

Drag and drop the capabilities from the left onto the correct technologies on the right.

Select and Place:

Question 28

Which two key and block sizes are valid for AES? (Choose two.)

Select all that apply

A. 64-bit block size, 112-bit key length

B. 64-bit block size, 168-bit key length

C. 128-bit block size, 192-bit key length

D. 128-bit block size, 256-bit key length

E. 192-bit block size, 256-bit key length

Question 29

Which two descriptions of AES encryption are true? (Choose two.)

Select all that apply

A. AES is less secure than 3DES.

B. AES is more secure than 3DES.

C. AES can use a 168-bit key for encryption.

D. AES can use a 256-bit key for encryption.

E. AES encrypts and decrypts a key three times in sequence.

Question 30

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. STIX

B. XMPP

C. pxGrid

D. SMTP

Update History

Update History