Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Security practice sets

350-601 Security • Complete Question Bank

350-601 Security — All Questions With Answers

Complete 350-601 Security question bank — all 0 questions with answers and detailed explanations.

50
Questions
Free
No signup
Certifications/350-601/Practice Test/Security/All Questions
Question 1easymultiple choice
Read the full Security explanation →

In ACI, which model is used for micro-segmentation to allow traffic between EPGs?

Question 2mediummultiple choice
Read the full Security explanation →

An engineer needs to deny all traffic between two EPGs in ACI while allowing other EPG communications. Which construct should be used?

Question 3easymultiple choice
Study the full AAA explanation →

Which protocol is recommended by Cisco for network device administration AAA due to its separation of authentication, authorization, and accounting?

Question 4mediummultiple choice
Read the full Security explanation →

A Nexus switch is experiencing high CPU utilization due to control plane traffic. Which feature should be configured to protect the CPU?

Question 5hardmultiple choice
Read the full Security explanation →

In Cisco TrustSec, which technology is used to enforce east-west traffic policies based on identity without relying on IP addresses?

Question 6mediummultiple choice
Read the full DHCP explanation →

An administrator wants to prevent a rogue DHCP server from assigning IP addresses on a Nexus switch. Which feature should be enabled?

Question 7mediummultiple choice
Read the full Security explanation →

Which Nexus security feature validates the source IP address of packets on a per-port basis and drops packets with invalid source IPs?

Question 8hardmultiple choice
Read the full Security explanation →

An organization uses Cisco TrustSec to tag traffic. An endpoint is assigned SGT 5 (Developers) and another SGT 10 (Testers). The SGACL on the leaf switch permits traffic from SGT 5 to SGT 10 for HTTP but denies other. Which action is taken by the leaf switch?

Question 9easymultiple choice
Read the full Security explanation →

Which feature on Nexus switches prevents ARP spoofing attacks by validating ARP packets?

Question 10mediummultiple choice
Read the full Security explanation →

An administrator needs to limit the number of MAC addresses learned on a Nexus access port to prevent MAC flooding attacks. Which feature should be configured?

Question 11hardmultiple choice
Read the full Security explanation →

In UCS Manager, which feature provides role-based access control for managing the fabric interconnects?

Question 12mediummultiple choice
Read the full Security explanation →

Which technology provides at-rest encryption for disk drives in UCS servers?

Question 13hardmultiple choice
Read the full Security explanation →

An organization wants to encrypt Fibre Channel traffic in-flight between storage and servers. Which standard should be used?

Question 14mediummulti select
Read the full Security explanation →

Which TWO features are commonly used together to prevent IP spoofing on a Nexus switch? (Choose two.)

Question 15hardmulti select
Read the full Security explanation →

An engineer is hardening a Nexus switch. Which THREE actions should be taken? (Choose three.)

Question 16mediummultiple choice
Read the full Security explanation →

A network engineer is configuring micro-segmentation in an ACI fabric. Two EPGs, Web and App, must communicate via HTTPS only. Which type of contract should be applied between the EPGs?

Question 17easymultiple choice
Read the full Security explanation →

Which authentication protocol is recommended by Cisco for network device administration due to its separation of authentication, authorization, and accounting?

Question 18hardmultiple choice
Read the full Security explanation →

A Nexus switch is being hardened. An engineer wants to protect the control plane from CPU-targeted attacks, such as heavy ICMP traffic. Which feature should be configured?

Question 19mediummultiple choice
Read the full Security explanation →

An engineer is deploying Cisco TrustSec in a data center. Which technology uses Security Group Tags (SGTs) to enforce east-west traffic policies without relying on IP addresses?

Question 20mediummultiple choice
Read the full Security explanation →

In a UCS environment, an administrator needs to restrict access to the UCS Manager so that only specific users can configure server policies. Which feature should be used?

Question 21easymultiple choice
Read the full DHCP explanation →

Which security feature on a Nexus switch prevents a rogue DHCP server from assigning invalid IP addresses to clients?

Question 22hardmultiple choice
Read the full Security explanation →

A data center uses self-encrypting drives (SEDs) in UCS servers. Which type of protection does SED provide?

Question 23mediummultiple choice
Study the full ACL explanation →

An engineer applies an IPv4 ACL to a Nexus switch interface. The ACL must permit traffic from host 10.1.1.1 to host 10.2.2.2 on TCP port 443 and deny all other traffic. Which configuration is correct?

Question 24mediummultiple choice
Read the full Security explanation →

A Nexus switch is configured with port security. Which violation action will cause the switch to shut down the interface when a security violation occurs?

Question 25hardmultiple choice
Read the full Security explanation →

In an ACI fabric, a security policy requires that traffic from EPG1 to EPG2 be denied, but all other inter-EPG traffic is permitted by default. Which type of contract should be used?

Question 26easymultiple choice
Read the full Security explanation →

Which Nexus security feature validates ARP packets to prevent ARP spoofing attacks?

Question 27mediummultiple choice
Study the full AAA explanation →

An engineer is configuring 802.1X for network access control. Which AAA protocol should be used for communication between the authenticator (switch) and the authentication server?

Question 28mediummultiple choice
Read the full DHCP explanation →

Which feature on a Nexus switch uses DHCP snooping binding information to filter IP traffic on a per-port basis?

Question 29hardmultiple choice
Read the full Security explanation →

A UCS administrator needs to ensure that only the fabric interconnect management plane is accessible from the management network. Which feature should be implemented?

Question 30mediummultiple choice
Read the full Security explanation →

An engineer wants to enforce security policies in a data center based on user identity rather than IP addresses. Which Cisco technology enables identity-based tagging and policy enforcement?

Question 31mediummulti select
Read the full Security explanation →

A network engineer is hardening a Nexus switch. Which two security best practices should be applied? (Choose two.)

Question 32hardmulti select
Read the full Security explanation →

An engineer is deploying data encryption in a SAN environment. Which two methods provide at-rest encryption? (Choose two.)

Question 33easymulti select
Read the full Security explanation →

Which three features are used on Nexus switches to mitigate Layer 2 attacks? (Choose three.)

Question 34easymultiple choice
Read the full Security explanation →

An engineer is configuring micro-segmentation in an ACI fabric. Which object defines the whitelist model for communication between EPGs?

Question 35mediummultiple choice
Read the full DHCP explanation →

A Nexus switch is configured with DHCP snooping. Which switchport mode is required for trusted ports to prevent rogue DHCP server attacks?

Question 36hardmultiple choice
Study the full ACL explanation →

A network administrator must enforce security policies for east-west traffic in a Cisco TrustSec-enabled data center without using IP-based ACLs. Which technology should be used?

Question 37easymultiple choice
Study the full AAA explanation →

Which AAA protocol is recommended by Cisco for network device administration, as it separates authentication, authorization, and accounting?

Question 38mediummultiple choice
Read the full Security explanation →

An engineer needs to protect the control plane of a Nexus 9000 switch from CPU-targeted attacks. Which feature should be configured?

Question 39hardmultiple choice
Read the full Security explanation →

In a UCS environment, which method provides management plane isolation for the fabric interconnects?

Question 40mediummultiple choice
Open the full VLAN trunking answer →

A Nexus administrator wants to apply an IPv4 ACL to filter traffic on a specific VLAN. Which command is correct?

Question 41easymultiple choice
Read the full DHCP explanation →

Which feature prevents IP spoofing by ensuring that a client uses only the IP address assigned by DHCP?

Question 42mediummultiple choice
Read the full Security explanation →

An organization requires disk encryption for data at rest in their UCS environment. Which technology should be used?

Question 43hardmultiple choice
Read the full Security explanation →

In ACI, a tenant requires that all traffic between two EPGs is denied except for specific HTTP traffic. Which policy elements must be configured?

Question 44mediummultiple choice
Read the full Security explanation →

A network engineer is hardening a Nexus 9000 switch. Which action is most effective in reducing the attack surface?

Question 45mediummultiple choice
Read the full Security explanation →

Which Nexus feature dynamically validates ARP packets to prevent man-in-the-middle attacks?

Question 46easymultiple choice
Read the full Security explanation →

In Cisco TrustSec, what is used to tag traffic based on identity or group membership?

Question 47hardmultiple choice
Read the full Security explanation →

A data center architect needs to enforce role-based access control for UCS Manager. What is the correct approach?

Question 48mediummultiple choice
Read the full Security explanation →

Which encryption technology is used to secure Fibre Channel traffic in flight between storage and switches?

Question 49mediummulti select
Read the full Security explanation →

A security engineer is deploying IP Source Guard on a Nexus switch. Which two components must be operational for IP Source Guard to function correctly?

Question 50hardmulti select
Read the full Security explanation →

An organization wants to encrypt data at rest in a storage array. Which two technologies can be used? (Choose two.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

350-601 Practice Test 1 — 25 Questions→350-601 Practice Test 2 — 25 Questions→350-601 Practice Test 3 — 25 Questions→350-601 Practice Test 4 — 25 Questions→350-601 Practice Test 5 — 25 Questions→350-601 Practice Exam 1 — 20 Questions→350-601 Practice Exam 2 — 20 Questions→350-601 Practice Exam 3 — 20 Questions→350-601 Practice Exam 4 — 20 Questions→Free 350-601 Practice Test 1 — 30 Questions→Free 350-601 Practice Test 2 — 30 Questions→Free 350-601 Practice Test 3 — 30 Questions→350-601 Practice Questions 1 — 50 Questions→350-601 Practice Questions 2 — 50 Questions→350-601 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

SecurityNetworkStorage NetworkAutomationCompute

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Security setsAll Security questions350-601 Practice Hub