Practice 350-701 Content Security questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. A security administrator notices that a significant volume of spam is bypassing the Cisco ESA's anti-spam filters. Upon investigation, they find that the messages have a mid-range SBRS score of 5.0. Which action should the administrator take to improve spam detection?
2. An organization is deploying Cisco ESA and wants to ensure that outbound emails containing credit card numbers are blocked. The administrator configures a DLP policy to scan for credit card patterns. However, some legitimate emails with credit card numbers are being incorrectly blocked. What is the best approach to reduce false positives while still preventing data leakage?
3. A Cisco WSA administrator wants to block access to social media sites for all users during work hours. The proxy is deployed in explicit mode. Which policy type should the administrator use to enforce this restriction?
4. Which Cisco content security solution uses DNS to block access to malicious domains and provides cloud-based proxy protection?
5. An organization using Cisco WSA in transparent proxy mode with WCCP redirect notices that some HTTPS traffic is not being decrypted for inspection. The administrator has enabled SSL decryption but certain traffic still bypasses. What is the most likely cause?
6. A Cisco ESA administrator is investigating an increase in false positive detections from the outbreak filter. The filter is configured to use TALOS intelligence and has a threshold of 'Medium'. Which action would most effectively reduce false positives while maintaining protection against new outbreaks?
7. A company is implementing DMARC for its domain. The administrator wants to instruct receivers to reject emails that fail SPF or DKIM checks. Which DMARC policy should the administrator set?
8. Which Cisco WSA feature allows administrators to control bandwidth usage per user or group by limiting the amount of bandwidth consumed for specific applications?
9. A security analyst receives an alert that a user clicked a link in an email that led to a malicious website. The email was allowed by the Cisco ESA because it passed SPF, DKIM, and DMARC checks. Later analysis reveals the email was sent from a compromised account within the same domain. Which type of attack best describes this scenario?
10. An organization is using Cisco Firepower NGFW to enforce content filtering. They want to block social media applications like Facebook and Twitter but allow LinkedIn for business purposes. Which feature should be used to differentiate between these applications?
11. Which Cisco email security feature uses SHA-256 hash lookups to detect known malware in email attachments?
12. A company is deploying Cisco Secure Web (WSA) and wants to integrate with Active Directory for user-based policies. The proxy is in transparent mode. Which technology allows the WSA to identify users transparently without requiring client configuration?
13. An administrator is configuring Cisco ESA to protect against Business Email Compromise (BEC) attacks. Which TWO of the following features are most effective in detecting and mitigating BEC?
14. A Cisco WSA administrator needs to implement HTTPS inspection for traffic from internal users. The administrator wants to avoid decrypting traffic to financial and healthcare sites due to compliance requirements. Which THREE actions should the administrator take to configure this policy?
15. Which TWO statements about Cisco Umbrella SIG are true?
16. To protect against phishing attacks that use fraudulent emails to trick users into revealing credentials, which email authentication technology verifies the sending domain's DNS records for a digital signature?
17. An organization wants to enforce a policy that blocks outbound emails containing Social Security numbers. Which feature of Cisco ESA should be configured?
18. A security engineer is configuring Cisco WSA in explicit proxy mode. Which traffic interception method is being used when each endpoint browser is configured with the proxy address?
19. Which Cisco Umbrella feature provides protection against malicious domains by blocking DNS requests to known bad sites?
20. An organization wants to implement URL filtering based on user identity. The Cisco WSA must integrate with which directory service to apply policies per user or group?
21. Which Cisco technology uses SHA-256 file hashes to determine if a file is malicious by querying a cloud database?
22. A security engineer is troubleshooting an issue where users can bypass the Cisco WSA by using HTTPS. What must be enabled on the WSA to inspect encrypted traffic?
23. Which Cisco NGFW technology can be used to block social media categories such as Facebook and Twitter during business hours?
24. What is the correct order of email authentication checks recommended by Cisco?
25. A company receives a spear-phishing email that appears to come from the CEO requesting an urgent wire transfer. What type of email attack is this?
26. In Cisco ESA, which feature uses TALOS intelligence to provide real-time protection against newly identified email threats before signature updates are available?
27. What is the primary purpose of DMARC in email authentication?
28. A Cisco WSA administrator wants to apply different web usage policies based on user group membership. Which two methods can be used to identify users transparently? (Choose two.)
29. A SOC analyst is investigating a BEC attack. Which three indicators should be examined in the email headers to detect the spoofing? (Choose three.)
30. An organization wants to block access to malicious websites using Cisco Umbrella. Which two protection layers are available with the Umbrella SIG? (Choose two.)
31. An organization wants to prevent users from accessing known malicious websites. Which Cisco WSA feature should be configured to block access based on website reputation?
32. A security administrator receives an alert that an email with an attachment was blocked by the Cisco Email Security Appliance (ESA). The attachment was identified as malware using cloud lookup. Which technology was used to detect the threat?
33. An organization is implementing email authentication to prevent domain spoofing. They have deployed SPF and DKIM. Which additional record should they publish to instruct receiving mail servers on how to handle emails that fail SPF or DKIM checks?
34. A company wants to enforce that all outbound emails containing credit card numbers are blocked. Which Cisco ESA feature should be configured to achieve this?
35. A network administrator is configuring Cisco WSA to intercept web traffic transparently. Which protocol should be used to redirect traffic from the router to the WSA?
36. Which Cisco cloud-based security solution provides DNS-layer security to block requests to malicious domains?
37. An organization has deployed Cisco WSA in explicit proxy mode. Users are required to authenticate using their Active Directory credentials. Which WSA feature enables transparent user identification without requiring users to manually log in?
38. A security analyst notices that a user is downloading a file from a website. The Cisco WSA is configured to perform AMP file scanning. What happens when the file's SHA-256 hash is not found in the local cache?
39. A company wants to block social media access for employees during work hours. Which Cisco Firepower NGFW feature should be used to achieve this?
40. During a phishing simulation, an employee receives an email that appears to be from the CEO requesting an urgent wire transfer. This type of attack is known as:
41. A Cisco WSA administrator wants to prioritize bandwidth for video conferencing applications while limiting recreational streaming. Which feature should be configured?
42. An organization is using Cisco ESA and wants to ensure that emails sent from their domain are authenticated using a cryptographic signature. Which email authentication method should be configured?
43. Which TWO of the following are capabilities of Cisco Umbrella SIG? (Choose TWO.)
44. A security team is investigating an email threat that bypassed the Cisco ESA. The email appears to be from the CFO asking for a wire transfer. Which THREE of the following are characteristics of this attack? (Choose THREE.)
45. Which TWO of the following are valid methods for deploying Cisco WSA? (Choose TWO.)
46. A security engineer is configuring the Cisco ESA to block spam. The engineer wants to rely on a reputation-based system that scores senders based on global email traffic patterns. Which technology should be used?
47. An organization wants to prevent employees from accessing social media websites during work hours. Which Cisco WSA feature should be used to enforce this policy?
48. A company using Cisco ESA receives an email that appears to be from the CEO requesting an urgent wire transfer. The email fails SPF and DKIM checks but passes DMARC. What is the most likely explanation?
49. A network administrator wants to deploy Cisco WSA as a transparent proxy to inspect web traffic without changing browser settings. Which protocol should be used to redirect traffic to the WSA?
50. Which Cisco security solution provides DNS-layer security to block access to malicious domains before a connection is established?
51. An organization uses Cisco ESA to enforce DLP policies. Which of the following is an example of a DLP policy that can be configured on the ESA?
52. A SOC analyst notices that a user downloaded a malicious file from a website. The Cisco WSA is configured with AMP file scanning. However, the file was not blocked. Which scenario best explains why AMP failed to detect the file?
53. An administrator wants to enforce identity-based policies on Cisco WSA by integrating with Active Directory. Which method allows the WSA to identify users transparently without requiring client software?
54. Which Cisco technology provides visibility into the performance of SaaS applications such as Microsoft 365?
55. A security engineer is configuring Cisco Firepower NGFW to block social media applications. Which feature should be used to achieve this?
56. An organization wants to use Cisco Umbrella SIG to enforce security policy for remote users. Which deployment method allows Umbrella to inspect traffic for all ports and protocols, not just DNS?
57. Which email authentication method allows the domain owner to publish a policy that instructs receiving mail servers on how to handle messages that fail SPF and DKIM checks?
58. A security analyst is investigating a Business Email Compromise (BEC) attack. Which two indicators are commonly associated with BEC attacks? (Choose two.)
59. An organization is deploying Cisco WSA in explicit proxy mode. Which three considerations are important for this deployment? (Choose three.)
60. Which two Cisco solutions can be used to provide cloud-based content security including DNS-layer protection and cloud proxy? (Choose two.)
61. An organization wants to prevent outbound email containing credit card numbers from leaving the network. Which Cisco ESA feature should be configured?
62. A security engineer needs to block access to social media websites for all users except those in the HR department. The solution must integrate with Active Directory. Which Cisco WSA feature should be used?
63. An email administrator receives reports of a targeted phishing campaign where attackers impersonate the CEO to request wire transfers. Which Cisco ESA feature provides the best defense against this Business Email Compromise (BEC) attack?
64. A company uses Cisco Umbrella SIG to enforce security policies. An employee attempts to visit a website categorized as 'Phishing' but the request is allowed. What is the most likely cause?
65. Which Cisco technology uses SenderBase reputation scores (SBRS) to evaluate incoming email?
66. A network administrator wants to deploy Cisco WSA as a transparent proxy using WCCP. Which traffic redirection method does WCCP use?
67. During an email security audit, it is discovered that some phishing emails are passing through the Cisco ESA. Analysis shows the emails have valid SPF and DKIM signatures but are classified as phishing. What additional Cisco ESA feature should be tuned to improve detection?
68. A user reports slow performance when accessing cloud-based applications. Which Cisco tool provides visibility into SaaS application performance?
69. Which Cisco ESA feature uses SHA-256 cloud lookups to detect malware in email attachments?
70. An organization using Cisco Firepower NGFW wants to block all social media traffic while allowing other web traffic. Which feature should be configured?
71. A security engineer is configuring Cisco WSA for HTTPS inspection but notices that some encrypted traffic is being bypassed. The WSA is configured with a decryption policy that excludes traffic to financial websites. What is the most likely reason for the bypass?
72. Which Cisco content security solution provides DNS-layer protection and a cloud proxy to enforce security policies?
73. A security analyst notices that emails from a trusted partner's domain are being quarantined by the Cisco ESA. The analyst wants to verify the email authentication status. Which TWO authentication mechanisms should be checked?
74. An organization is deploying Cisco WSA to enforce acceptable use policies. The administrator wants to block access to social media and streaming video, while also decrypting HTTPS traffic for these categories. Which THREE configuration steps are required?
75. A company is experiencing an increase in spear-phishing attacks targeting executives. Which TWO Cisco ESA features should be configured to mitigate this threat?
76. A security analyst notices that a user is receiving a high volume of emails from unknown senders with links to malicious sites. The ESA is configured with Cisco TALOS threat intelligence. Which ESA feature should the analyst configure to block these emails based on the reputation of the sender before they reach the user's inbox?
77. A company is using Cisco WSA with explicit proxy mode. The security team wants to enforce HTTPS inspection for all web traffic from the finance department to detect malicious content in encrypted connections. However, they want to exclude traffic to financial institutions' websites due to compliance reasons. Which configuration approach should be used to achieve this?
78. An organization wants to protect against Business Email Compromise (BEC) attacks where attackers spoof the CEO's email address to request wire transfers. Which email authentication method is specifically designed to help prevent domain spoofing by allowing senders to specify how email that fails authentication should be handled?
79. A company uses Cisco Umbrella SIG to secure internet access for remote users. The security team wants to block access to social media websites but allow access to business-related websites that may share the same IP addresses. Which Umbrella feature should be used to enforce this granular control?
80. A company is deploying Cisco ESA and wants to protect against malware delivered via email attachments. Which TWO features can be used together to provide both signature-based detection and behavioral analysis?
81. An organization uses Cisco Firepower NGFW to enforce content security policies. The security team wants to block all social media traffic during business hours but allow access during lunch breaks. Additionally, they want to detect and alert on any SSL connections to unknown destinations that might indicate data exfiltration. Which THREE capabilities of the NGFW should be combined to achieve these objectives?
82. A company is using Cisco WSA with transparent proxy via WCCP. The security team wants to identify which users are accessing banned websites and also enforce bandwidth limits for video streaming. Which TWO features should be configured on the WSA?
83. An organization wants to prevent sensitive data such as credit card numbers from being sent via email. Which TWO features of Cisco ESA can be used to achieve this?
84. A company is deploying Cisco Umbrella SIG to protect against malware and phishing. The security team wants to ensure that even if a user clicks on a malicious link in an email, the traffic is inspected and blocked if needed. Which TWO features of Umbrella can be used to provide this protection?
85. A financial institution uses Cisco ESA and wants to protect against spear phishing attacks targeting executives. The security team configures DMARC with a 'reject' policy for the corporate domain. Additionally, they want to ensure that emails from external sources claiming to be from the CEO are flagged and quarantined. Which THREE security measures should be implemented?
The Content Security domain covers the key concepts tested in this area of the 350-701 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-701 domains — no account required.
The Courseiva 350-701 question bank contains 85 questions in the Content Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Content Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.