Which one of the following attacks results when attackers place themselves in line between two devices that are communicating, with the intent of performing reconnaissance or manipulating the data as it moves between the devices?
A. Man-in-the-path
B. Man-in-the-middle
C. Routing protocol attacks
D. Routing injection attacks
Which of the following is a type of vulnerability where an attacker can use or cause malformed data or unexpected data to abuse an application's logic, cause a DoS attack, or execute arbitrary code?
A. Deserialization of untrusted data
B. Serialization of untrusted data
C. Deserialization of encrypted data
D. Serialization of encrypted data
Which of the following is a type of vulnerability that describes when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer?
A. Buffer deserialization
B. Buffer injection
C. Cross-site buffer injection
D. Buffer overflow
What is a cross-site scripting (XSS) vulnerability?
A. A type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites
B. A type of cross-domain hijack vulnerability
C. A type of vulnerability that leverages the crossing of scripts in an application
D. A type of cross-site request forgery (CSRF) vulnerability that is used to steal information from the network
What is a SQL injection vulnerability?
A. A type of vulnerability where an attacker can insert or "inject" a SQL query via the input data from the client to the application or database
B. A type of vulnerability where an attacker can "inject" a new password to a SQL server or the client
C. A type of DoS vulnerability that can cause a SQL server to crash
D. A type of privilege escalation vulnerability aimed at SQL servers
Which of the following describes a rainbow table?
A. An attacker creates a table of mathematical calculations that can be used to perform cryptanalysis of encryption algorithms.
B. An attacker creates a table of mathematical calculations that can be used to perform cryptanalysis of hashing algorithms.
C. An attacker computes possible passwords and their hashes in a given system and puts the results into a lookup table.
D. An attacker computes possible hashing algorithms used in an encrypted channel and puts the results into a lookup table.
What is a buffer overflow?
A. A buffer overflow is when a program or software cannot write data in a buffer, causing the application to crash.
B. A buffer overflow is when a program or software sends the contents of the buffer to an attacker.
C. A buffer overflow is when an attacker overflows a program with numerous packets to cause a denial-of-service condition.
D. A buffer overflow is when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer.
What is a backdoor?
A. A backdoor is a social engineering attack to get access back to the victim.
B. A backdoor is a privilege escalation attack designed to get access from the victim.
C. A backdoor is an application or code used by an attacker either to allow future access or to collect information to use in further attacks.
D. A backdoor is malware installed using man-in-the-middle attacks.
What is an amplification attack?
A. An amplification attack is a form of directed DDoS attack in which the attacker's packets are sent at a much faster rate than the victim's packets.
B. An amplification attack is a form of reflected attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim).
C. An amplification attack is a type of man-in-the-middle attack.
D. An amplification attack is a type of data exfiltration attack.
Which of the following is an example of a DNS tunneling tool?
A. dig
B. nslookup
C. DNScapy
D. DNSSEC