
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Endpoint Security and Identity

Practice 350-701 Endpoint Security and Identity questions with full explanations on every answer.


All 350-701 Endpoint Security and Identity questions (125)


1

A network administrator wants to deploy Cisco AMP for Endpoints to protect endpoints. Which feature allows the detection of a file that was initially deemed benign but later discovered to be malicious?

2

An engineer is configuring Cisco ISE for 802.1X authentication. The organization has a mix of devices, including some that do not support 802.1X supplicants. Which method should the engineer use to allow these non-supplicant devices to authenticate?

3

During a security incident, a SOC analyst notices that a malicious file was executed on an endpoint. Using Cisco AMP for Endpoints, which feature should the analyst use to visualize the file's propagation and activities across the network over time?

4

In Cisco ISE, profiling is used to identify device types. Which probe must be enabled for ISE to determine the operating system of a device by analyzing DHCP options?

5

An organization wants to enforce endpoint posture compliance before granting network access. In Cisco ISE, which component performs the actual checks on the endpoint to verify antivirus status and patch levels?

6

A security engineer is configuring Duo for VPN authentication with AnyConnect. Which authentication factor does Duo provide in addition to the user's primary credentials?

7

In a Cisco ISE deployment, after a device passes posture assessment, ISE needs to dynamically change the VLAN assignment for the device. Which protocol or feature enables ISE to send a new authorization policy to the network access device without requiring the endpoint to reauthenticate?

8

Which component in the 802.1X architecture is responsible for relaying authentication messages between the client and the authentication server?

9

An organization uses Cisco AMP for Endpoints and wants to perform a remote investigation on an infected endpoint. The security analyst needs to isolate the endpoint from the network while collecting forensic data. Which AMP feature should be used?

10

In Cisco ISE, which protocol is used for EAP-TLS authentication, and what is the primary requirement for the client to successfully authenticate?

11

A company wants to implement privileged access management (PAM) to secure administrative credentials. They need a solution that provides just-in-time access and session recording. Which product integrated with Cisco SecureX can fulfill these requirements?

12

In Cisco AMP for Endpoints, which technology prevents exploit techniques such as code injection and memory corruption at runtime without relying on signatures?

13

A network administrator is configuring Cisco ISE for guest access. The company requires a solution where guests can create their own accounts and receive network access after a sponsor approves. Which two components must be configured? (Choose two.)

14

An organization wants to deploy endpoint hardening measures. Which three of the following are considered endpoint hardening techniques? (Choose three.)

15

An administrator is configuring Cisco ISE profiling using Device Sensor. Which two types of information can the Device Sensor collect from endpoints? (Choose two.)

16

A security engineer is deploying Cisco AMP for Endpoints in an organization. To ensure that any malicious file that was initially allowed but later determined to be malicious can be traced, which feature should be used?

17

During 802.1X authentication, which component acts as the intermediary that forwards authentication requests between the client and the authentication server?

18

A network administrator needs to provide network access to a legacy printer that does not support 802.1X. Which Cisco ISE feature should be used to authenticate this device?

19

An organization uses Cisco ISE for network access control. After a user authenticates via 802.1X, a posture assessment determines that the user's antivirus definitions are outdated. What ISE feature can be used to dynamically restrict the user's network access until the issue is resolved?

20

Which Cisco security product provides multi-factor authentication through push notifications, TOTP, and hardware tokens?

21

A security analyst wants to investigate a remote endpoint that is suspected of being compromised. Using Cisco AMP for Endpoints, which capability allows the analyst to run commands on the endpoint and perform live analysis?

22

In a Cisco TrustSec deployment, after successful authentication, ISE assigns a Security Group Tag (SGT) to the user. Which protocol is used to propagate the SGT to the network devices for policy enforcement?

23

Which Cisco ISE probe is used to identify the operating system and open ports of an endpoint by actively scanning it?

24

An organization is implementing privileged access management (PAM) with Cisco SecureX and CyberArk. Which feature allows administrators to grant temporary elevated privileges for a specific task, after which the privileges are automatically revoked?

25

A network engineer is configuring 802.1X on a switch port that connects to a VoIP phone and a PC behind the phone. Which authentication method should be used to authenticate both devices separately?

26

Which EAP method used with 802.1X requires a client-side certificate for authentication?

27

Cisco ISE posture assessment requires that endpoints meet certain security requirements before being granted network access. Which of the following is a typical posture requirement?

28

A security administrator is configuring Cisco ISE for guest access. Which TWO components are required to allow guests to self-register and obtain network access? (Choose two.)

29

A company wants to deploy endpoint hardening measures to prevent unauthorized applications from executing. Which THREE techniques are commonly used for application control? (Choose three.)

30

An organization is deploying Cisco Duo for multi-factor authentication. Which TWO authentication methods can be used with Duo? (Choose two.)

31

An engineer is configuring Cisco Secure Endpoint (AMP) connectors. Which deployment is supported for the macOS platform?

32

A security analyst notices that a file previously marked as 'clean' on an endpoint was later determined to be malicious. Using Cisco Secure Endpoint, which feature allows the analyst to see the propagation of that file across the system and understand its impact?

33

An organization wants to deploy 802.1X for network access control. Which component is responsible for forwarding authentication requests from the endpoint to the authentication server?

34

A network administrator is configuring Cisco ISE to authenticate devices that do not support 802.1X supplicant software. Which authentication method should be used for these non-supplicant devices?

35

Cisco ISE performs profiling to identify device type. Which probe collects information by querying the device's MAC address OUI and DHCP options?

36

An administrator wants to dynamically change the VLAN assignment for a user after a posture assessment determines that the endpoint is missing a critical patch. Which ISE feature accomplishes this?

37

Which Cisco Duo authentication method involves a one-time code generated by a hardware token?

38

A security engineer is investigating a suspicious process on an endpoint. Using Cisco Secure Endpoint, which EDR capability allows the engineer to isolate the process and prevent it from executing further?

39

Which protocol does Cisco ISE use to communicate with network devices for 802.1X authentication?

40

An organization is implementing privileged access management (PAM) using Cisco SecureX and CyberArk. Which PAM capability provides temporary elevated access that is automatically revoked after a set period?

41

A Cisco ISE administrator is configuring guest access with a sponsor portal. Which type of guest account requires approval from a sponsor before network access is granted?

42

Which EAP method used with 802.1X provides certificate-based mutual authentication and is commonly used with Cisco ISE?

43

A security analyst is configuring Cisco Secure Endpoint (AMP) to detect and respond to threats. Which TWO features are part of the Exploit Prevention capability? (Choose two.)

44

An engineer is deploying Cisco ISE for posture assessment. Which THREE conditions can ISE check during posture assessment before granting full network access? (Choose three.)

45

An organization wants to implement multi-factor authentication (MFA) for VPN access using Cisco AnyConnect and Duo. Which TWO authentication factors can Duo provide? (Choose two.)

46

A security administrator notices that a file initially classified as 'unknown' by Cisco AMP for Endpoints has been later determined to be malicious. Which Cisco AMP feature allows the administrator to see the file's propagation and impacts across endpoints?

47

An engineer is configuring Cisco ISE for 802.1X authentication. The network has many printers and IP phones that do not support 802.1X supplicant software. Which ISE feature should be used to allow these devices to authenticate?

48

A security analyst needs to enforce that all endpoints have antivirus software running and are up-to-date with patches before granting full network access. Which Cisco ISE feature should be used to enforce this policy?

49

An organization deploys Cisco ISE for network access control. After successful 802.1X authentication, a user's device is found to be missing critical patches via posture assessment. The administrator wants to dynamically move the user to a remediation VLAN without requiring the user to reconnect. Which ISE capability enables this?

50

A company wants to implement two-factor authentication for remote VPN access using Cisco AnyConnect. They need a solution that supports push notifications to a mobile app. Which Cisco product meets this requirement?

51

In a Cisco ISE 802.1X deployment, which component acts as the authenticator?

52

A security engineer is configuring Cisco AMP for Endpoints to protect against memory injection attacks. Which feature should be enabled to block exploits that attempt to inject malicious code into legitimate processes?

53

During a security incident, an analyst needs to isolate a compromised endpoint and perform remote forensic analysis using Cisco AMP for Endpoints. Which capability allows the analyst to execute commands on the endpoint remotely?

54

An organization wants to implement privileged access management (PAM) for critical servers. They require just-in-time access and session recording. Which solution integrates with Cisco SecureX to provide these capabilities?

55

Which authentication protocol is used in Cisco ISE for certificate-based 802.1X authentication?

56

A network administrator configures Cisco ISE to identify devices by analyzing DHCP requests, HTTP user agents, and SNMP queries. Which ISE feature is being used?

57

A security team wants to enforce application whitelisting on endpoints to prevent unauthorized software execution. Which Cisco AMP for Endpoints feature can be used to implement this control?

58

A company deploys Cisco ISE for network access control. They need to allow guests to access the internet via a self-registration portal. Which two components must be configured? (Choose two.)

59

An organization wants to deploy endpoint hardening measures. Which three capabilities are provided by Cisco AMP for Endpoints as part of EDR (Endpoint Detection and Response)? (Choose three.)

60

A network engineer is troubleshooting 802.1X authentication failures. Which two components are required for a successful 802.1X authentication? (Choose two.)

61

A security administrator notices that a file initially classified as 'unknown' by Cisco AMP for Endpoints was later determined to be malicious after execution. Which feature allows the administrator to see the file's propagation and impact on endpoints?

62

An organization wants to provide network access to guest users through Cisco ISE. Guests must register themselves and accept an acceptable use policy before gaining internet-only access. Which guest access method should be configured?

63

In a Cisco ISE deployment, a network administrator needs to dynamically change the VLAN assignment for an endpoint after a posture assessment determines that the endpoint is non-compliant. Which ISE feature enables this dynamic change without re-authentication?

64

Cisco ISE is performing profiling on a network. It receives a DHCP request from a device with vendor class identifier 'MSFT 5.0' and an HTTP user-agent 'Mozilla/5.0 (Windows NT 10.0)'. Which probes are most likely used to collect this information?

65

An organization wants to enforce multi-factor authentication for remote VPN access. Cisco AnyConnect is used as the VPN client. Which Cisco product integrates with AnyConnect to provide MFA capabilities such as push notifications and one-time passwords?

66

A network engineer is troubleshooting 802.1X authentication on a Cisco switch. Users report that they cannot authenticate. The engineer verifies that the switch (authenticator) is configured correctly and the RADIUS server (ISE) is reachable. Which component is most likely misconfigured on the client side?

67

During a security incident, an analyst uses Cisco AMP for Endpoints to remotely investigate a compromised endpoint. The analyst needs to isolate the endpoint from the network while preserving the ability to continue the investigation. Which AMP action should be taken?

68

A company wants to implement network access control for IoT devices that do not support 802.1X. Which Cisco ISE feature can be used to grant these devices network access based on their MAC address?

69

An organization requires that endpoints must have antivirus running and up-to-date patches before being granted full network access. Cisco ISE is used for authentication. Which ISE component enforces these requirements?

70

A security engineer is configuring Cisco ISE for 802.1X authentication using EAP-TLS. What must be deployed on the endpoints to support this authentication method?

71

A company uses Cisco AMP for Endpoints and wants to deploy it on mobile devices running iOS and Android. Which deployment method is supported for these platforms?

72

Cisco ISE is configured to assign Security Group Tags (SGTs) to endpoints based on their identity. This is part of which Cisco security architecture?

73

A security analyst is investigating an alert from Cisco AMP for Endpoints. The analyst wants to perform remote actions on the endpoint. Which TWO actions are available in AMP for Endpoints? (Choose two.)

74

A company is deploying Cisco ISE for network access control. They need to authenticate devices that do not support 802.1X, such as printers and IP phones. Which TWO methods can be used to authenticate these devices? (Choose two.)

75

An organization wants to implement Privileged Access Management (PAM) using Cisco SecureX and CyberArk. Which THREE capabilities are typically associated with PAM solutions? (Choose three.)

76

A security administrator is implementing Cisco AMP for Endpoints and wants to identify files that were initially allowed but later determined to be malicious. Which feature allows the administrator to see the propagation of such a file across the environment?

77

An engineer is configuring Cisco ISE for 802.1X authentication in a corporate network. A printer that does not support 802.1X needs to be granted network access. Which method should the engineer use to authenticate the printer?

78

A security analyst discovers that an endpoint was infected by a file that initially received a 'clean' disposition from Cisco AMP. The analyst needs to identify all other endpoints that executed the same file and examine their trajectory. Which approach should be used to find these endpoints in the AMP console?

79

A network administrator is configuring Cisco ISE profiling to identify devices on the network. Which probe allows ISE to identify device type by analyzing the HTTP User-Agent string?

80

An organization uses Cisco ISE to enforce posture compliance. After a user's machine is patched, ISE sends a command to the switch to reclassify the endpoint from a restricted VLAN to a full-access VLAN. Which ISE feature accomplishes this?

81

Which component in an 802.1X deployment is responsible for relaying authentication messages between the client and the authentication server?

82

A company deploys Cisco Duo for multi-factor authentication to protect VPN access. Employees use AnyConnect to connect to the corporate network. After entering their credentials, they receive a push notification on their mobile device. Which Duo authentication method is being used?

83

A security team is implementing Privileged Access Management (PAM) using CyberArk integrated with Cisco SecureX. They need to provide just-in-time access to a critical server for a specific task, with automatic password rotation after use. Which PAM capability addresses this requirement?

84

An endpoint security engineer wants to protect against memory injection attacks on endpoints running Windows. Which Cisco AMP feature should be enabled?

85

A network engineer is configuring Cisco ISE for wireless 802.1X authentication. The company wants to use certificate-based authentication for all corporate devices. Which EAP method should be configured?

86

An organization uses Cisco ISE with TrustSec to assign Security Group Tags (SGTs) to endpoints based on their role. An endpoint initially receives an SGT for 'Employees' but after a posture check reveals missing antivirus updates, ISE changes the SGT to 'Quarantine'. Which ISE feature dynamically updates the SGT?

87

A security analyst needs to investigate a potential breach on an endpoint running Cisco AMP. The analyst wants to remotely execute commands to gather forensic data and potentially isolate the endpoint from the network. Which Cisco AMP EDR capability should the analyst use?

88

A network administrator is deploying Cisco ISE for network access control. The administrator needs to profile devices that connect to the network. Which TWO probes can be used to gather information for device profiling? (Choose two.)

89

A security team is implementing endpoint hardening measures. They want to ensure that only approved applications can run, monitor for suspicious behavior, and have the ability to isolate processes if needed. Which THREE Cisco AMP features should they enable? (Choose three.)

90

An administrator is configuring Cisco Duo for multi-factor authentication. Which THREE authentication methods can Duo provide to users? (Choose three.)

91

A security analyst notices that a file that was initially allowed by Cisco AMP for Endpoints has later been determined to be malicious. The analyst needs to investigate the file's propagation across endpoints. Which Cisco AMP feature should the analyst use to view the timeline of events?

92

An organization wants to deploy Cisco ISE to authenticate devices that do not support 802.1X supplicant software, such as printers and IoT sensors. Which authentication method should be configured on the switch port to allow these devices network access?

93

A network administrator is configuring Cisco ISE for posture assessment. A Windows laptop connects to the network and passes 802.1X authentication. ISE then checks if the antivirus software is running and if the OS patches are up to date. If the posture check fails, ISE should dynamically restrict the endpoint to a remediation VLAN. Which mechanism allows ISE to change the VLAN assignment after authentication without requiring the user to reauthenticate?

94

An organization wants to enforce multi-factor authentication (MFA) for VPN access using Cisco AnyConnect. Which Cisco product integrates with AnyConnect to provide MFA via push notifications or one-time passwords?

95

A security engineer is deploying Cisco AMP for Endpoints and wants to ensure that the client can detect and block memory injection attacks. Which AMP feature should be enabled to provide this protection?

96

A network administrator is configuring Cisco ISE for device profiling. The goal is to identify the type of device (e.g., Windows PC, iPhone, printer) connecting to the network. Which probe should be used to gather the DHCP option 60 (vendor class identifier) and option 12 (hostname) information?

97

Which 802.1X component is responsible for enforcing access control on the network and relaying authentication messages between the client and the authentication server?

98

An organization uses Cisco ISE for guest access. They want to allow guests to create their own accounts through a web portal while requiring approval from a sponsor before network access is granted. Which guest access method should be configured?

99

A security analyst is investigating an incident on an endpoint protected by Cisco AMP. The analyst needs to isolate the compromised process and prevent it from communicating with other processes or the network. Which EDR capability should be used to achieve this?

100

Which Cisco product provides privileged access management (PAM) capabilities such as just-in-time access, session recording, and password vaulting through integration with CyberArk?

101

A network administrator is configuring 802.1X on a Cisco switch for corporate Windows laptops. The organization uses certificates for authentication. Which EAP method should be configured on the supplicant and ISE to provide certificate-based mutual authentication?

102

An organization wants to deploy endpoint hardening by allowing only approved applications to run. Which technology should be implemented to achieve this?

103

A network engineer is configuring Cisco ISE to assign Security Group Tags (SGTs) to endpoints based on their identity and role. Which two components are required for TrustSec SGT classification and enforcement? (Choose two.)

104

A security analyst needs to investigate a potential breach on an endpoint. Cisco AMP for Endpoints provides several EDR capabilities. Which three actions can the analyst perform using AMP's EDR features? (Choose three.)

105

An organization wants to implement multi-factor authentication (MFA) for administrative access to network devices. Which two methods can be used with Cisco Duo to provide MFA for admin access? (Choose two.)

106

An administrator needs to enforce 802.1X authentication for devices that do not support 802.1X supplicants. Which method should be configured on Cisco ISE to allow these devices to authenticate?

107

A security analyst notices that a file initially deemed 'unknown' by Cisco AMP for Endpoints was later reclassified as 'malicious'. The analyst needs to investigate the propagation of this file across endpoints. Which Cisco AMP feature provides a timeline view of file activity and spread?

108

Cisco ISE is configured with posture assessment to ensure endpoints meet security requirements before gaining network access. After a posture check, ISE needs to dynamically change the VLAN assignment for a non-compliant endpoint. Which ISE feature enables this real-time change?

109

A company uses Cisco ISE for network access control. They want to authenticate users connecting via VPN using multi-factor authentication. Which solution integrates with ISE to provide MFA for AnyConnect VPN?

110

In the 802.1X authentication process, which component is responsible for relaying authentication messages between the client and the authentication server?

111

An organization wants to grant temporary administrative access to a server for a specific task and automatically revoke the access after the task is completed. Which Cisco solution should be used?

112

A security team deploys Cisco AMP for Endpoints and wants to detect and block memory injection attacks. Which AMP feature should be enabled to achieve this?

113

Cisco ISE uses profiling to identify the type of device connecting to the network. Which probe helps ISE identify a device by analyzing the DHCP requests it sends?

114

An administrator configures Cisco ISE for guest access with a sponsor portal. What is the primary purpose of the sponsor portal?

115

An endpoint running Cisco AMP for Endpoints is suspected of being compromised. The security analyst needs to isolate the process and perform a live investigation. Which EDR capability should the analyst use?

116

An organization uses Cisco ISE for network access control. They want to authenticate users with certificates for strong security. Which two EAP methods support certificate-based authentication? (Choose two.)

117

Cisco ISE can profile endpoints using various probes. Which three probes are used for device profiling? (Choose three.)

118

Cisco AMP for Endpoints provides endpoint protection. Which two are core capabilities of AMP? (Choose two.)

119

An organization wants to implement EDR capabilities for endpoints. Which three actions are typically associated with EDR? (Choose three.)

120

Cisco TrustSec uses Security Group Tags (SGTs) for policy enforcement. Which two components are required for TrustSec to function? (Choose two.)

121

A network administrator is deploying Cisco ISE for network access control. The network includes printers and IP phones that do not support 802.1X. Which TWO methods can be used to authenticate these devices?

122

A security analyst is investigating a malware outbreak that occurred on endpoints protected by Cisco AMP for Endpoints. The malware was initially undetected but later identified as malicious based on new threat intelligence. Which THREE capabilities of AMP allow the analyst to trace the infection and remediate?

123

An organization wants to implement multi-factor authentication for remote VPN access using Cisco AnyConnect. Which TWO authentication methods are supported when integrating with Cisco Duo?

124

A network engineer is configuring Cisco TrustSec on a switch to enforce segmentation. Which THREE components are required for TrustSec to assign a Security Group Tag (SGT) to a user after successful authentication via ISE?

125

An organization is implementing Privileged Access Management (PAM) using CyberArk integrated with Cisco SecureX. Which THREE capabilities are typically provided by such a PAM solution?


Frequently asked questions

What does the Endpoint Security and Identity domain cover on the 350-701 exam?

The Endpoint Security and Identity domain covers the key concepts tested in this area of the 350-701 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-701 domains — no account required.

How many Endpoint Security and Identity questions are in the 350-701 question bank?

The Courseiva 350-701 question bank contains 125 questions in the Endpoint Security and Identity domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Endpoint Security and Identity for 350-701?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Endpoint Security and Identity questions for 350-701?

Yes — the session launcher on this page draws questions exclusively from the Endpoint Security and Identity domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
