Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Certifications 210-250 Questions & Answers

  • Question 561:

    Which three apply to XSS? (Choose three.)

    A. Malicious scripts are injected into web pages and executed on the client side.

    B. A web application processes an attacker's request using the victim's authenticated session.

    C. Scripting languages used by XSS have security weaknesses.

    D. Clicking an infected link causes a malicious script to run in a background process.

  • Question 562:

    Which two are required to make SQL injection possible? (Choose two.)

    A. The application was poorly programmed.

    B. Strict security measures were followed when developing web site code.

    C. User input was not sufficiently validated.

    D. The webserver operating system has not been patched.

  • Question 563:

    Which one of the following statements best describes a command injection attack?

    A. The goal of a command injection attack is to exfiltrate data on the web server's operating system via a vulnerable web application.

    B. The goal of a command injection attack is to execute arbitrary commands on the mail server.

    C. The user enters arbitrary commands on the web server's OS via a vulnerable web application.

    D. The goal of a command injection attack is to execute arbitrary commands on the web server's OS via a vulnerable web application.

  • Question 564:

    What best describes domain shadowing?

    A. Domain shadowing provides a backup web site to redirect the user to, in the event of a compromise.

    B. Domain shadowing involves the attacker compromising a parent domain and creating multiple subdomains to be used during their attacks.

    C. Domain shadowing is the OpenDNS response to a web site redirect when the HTTP 404 error code is received.

    D. Domain shadowing is a fault-tolerant method that is used by developers when building and developing web-based services.

  • Question 565:

    Which two statements best explain why domain shadowing is difficult to detect? (Choose two.)

    A. The created subdomains are numerous, short lived, and random, with no discernible patterns.

    B. The attacker gains admin access to a legitimate domain, and uses that legitimate domain to register many shady subdomains.

    C. The attacker rapidly rotates a single domain to a large list of IP addresses, to avoid detection.

    D. The exploit kit landing page subdomains are usually active for a long time and branched into using both third-level and fourth-level domains (for example, brandmuellergeifiseer.astarentals.co.uk).

  • Question 566:

    What is the primary goal of an attacker when using an iFrame or HTTP 302 cushioning?

    A. help the user find the correct web page location

    B. ensure that the victim's web browser ends up on the attacker's web page, which serves out the malicious exploit to the victim

    C. offer a secure transaction in a web page

    D. protect against malware infiltration

  • Question 567:

    What is the functional purpose of the HTTP 302 response code?

    A. alert users that an attack is underway

    B. identify a temporary URL redirection for a web site and redirect the user to it

    C. ask for authentication of the user

    D. alert the user that the webpage is no longer available

  • Question 568:

    What happens to the victim's browser during an HTTP 302 cushioning?

    A. The browser is redirected to the malicious web page that delivers the exploit to the victim's machine through a series of HTTP 302 redirections.

    B. The browser displays the HTTP 302 redirection warning and prevents the web redirection to the malicious web page that delivers the exploit to the victim's machine.

    C. The browser executes the malicious script and is then redirected to the malicious web page that delivers the exploit to the victim's machine.

    D. The browser loads the iFrame and is then redirected to the malicious web page that delivers the exploit to the victim's machine.

  • Question 569:

    What method is used by Cisco OpenDNS to help prevent attacks via iFrame?

    A. Cisco OpenDNS cannot do anything to prevent this type of attack.

    B. Cisco OpenDNS will run the requested web page in a sandbox environment.

    C. Cisco OpenDNS can deny access to known malicious web sites.

    D. Cisco OpenDNS will strip out malicious information from packets.

  • Question 570:

    What can a security analyst do to identify an attack if an iFrame injection is missed by visual observation (by only showing a few pixels)?

    A. run the webpage in a sandbox environment

    B. review a packet capture through Wireshark

    C. observe the traffic on the website

    D. run an NMAP scan on a user's web traffic
