- (Exam Topic 2)
What is the difference between Cross-site Scripting and SQL Injection, attacks?
Correct Answer:
A
Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.Answer C is not correct because the statement “Cross-site Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side vulnerability that targets other application users.Answer D is not correct because the statement “Cross-site Scripting is an attack where code is executed from the server side”. In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client’s side.Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites whereattackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POSTparameters.Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
- (Exam Topic 1)
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
Correct Answer:
BC
Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06- cisco-dna-center-aag-cte-en.html
- (Exam Topic 2)
What is a benefit of conducting device compliance checks?
Correct Answer:
B
- (Exam Topic 2)
What is provided by the Secure Hash Algorithm in a VPN?
Correct Answer:
A
Reference: https://www.ciscopress.com/articles/article.asp?p=24833&seqNum=4
- (Exam Topic 3)
Which solution detects threats across a private network, public clouds, and encrypted traffic?
Correct Answer:
A