
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Network Security

Practice 350-701 Network Security questions with full explanations on every answer.


350-701 Domains

Security Concepts
Network Security
Endpoint Security and Identity
Cloud Security
Content Security
Endpoint Protection and Detection
Secure Network Access, Visibility and Enforcement


All 350-701 Network Security questions (125)


1

An engineer is configuring a Cisco ASA and needs to ensure that traffic from the outside interface to a web server on the DMZ is allowed. The inside interface is security level 100 and the DMZ is level 50. The outside interface is level 0. Which statement about the default traffic flow is true?

2

A network administrator is configuring NAT on a Cisco ASA to allow internal users to access the internet using a single public IP address. The internal network uses RFC 1918 addresses. Which type of NAT should be configured?

3

An engineer is configuring a Modular Policy Framework (MPF) on a Cisco ASA to inspect HTTP traffic and apply QoS. The engineer creates a class-map to match HTTP traffic using the 'match port tcp 80' command. However, the policy is not being applied correctly. What is the most likely reason?

4

A company uses Cisco Firepower Threat Defense (FTD) managed by FMC. They need to create an access control policy that allows traffic from specific source IPs to a web server, but blocks all other traffic. How should the rule base be ordered?

5

A security administrator is investigating an alert from an IPS that detected a SQL injection attempt. The alert was triggered by a signature that looks for specific patterns in the traffic. What type of detection method is this?

6

A Cisco Firepower administrator configures an access control policy with a rule that trusts traffic from a specific source network. What is the effect of the trust action on the traffic?

7

An engineer is deploying a Cisco FTD in inline mode and wants to inspect SSL/TLS traffic using the 'decrypt-resign' action. What must be configured on the client devices to avoid certificate errors?

8

A company is deploying Cisco AnyConnect SSL VPN and wants to enforce different access policies based on the endpoint's antivirus status. Which feature should be used?

9

A Cisco ASA is configured with a site-to-site VPN using IKEv2. Which component defines the encryption and authentication algorithms for the IPsec tunnel?

10

A security analyst is tuning Snort rules to reduce false positives. The analyst identifies a rule that triggers on a common benign application. Which action should be taken to suppress alerts for that specific traffic without disabling the rule entirely?

11

An engineer configures a Cisco FTD in a high-availability pair with active/standby failover. The primary unit fails, and the standby takes over. After the primary recovers, what must be done to ensure it resumes as active?

12

A company uses Cisco Firepower with FMC and wants to block access to social media websites for all users. Which feature should be used to create this policy?

13

A Cisco FTD is deployed in inline mode and configured with an access control policy. The policy includes rules with actions: Trust, Allow, Block, and Interactive Block. Which two statements about these actions are correct? (Choose two.)

14

An engineer is configuring a Cisco ASA to support a DMZ segment. Which three of the following are best practices for DMZ design? (Choose three.)

15

A network engineer is configuring site-to-site IPsec VPN on a Cisco ASA using IKEv2. Which two components are required for IKEv2 configuration? (Choose two.)

16

An administrator configures a Cisco ASA with an interface named 'inside' at security level 100 and 'outside' at security level 0. Which statement about traffic flow is true?

17

A network engineer is configuring NAT on a Cisco ASA for internal servers to be accessible from the internet. One server (10.1.1.10) must always be reachable via a fixed public IP (203.0.113.10). Which NAT type should be used?

18

An engineer is configuring an access control policy on Cisco FMC for FTD. The policy must allow HTTP traffic from the inside zone to the outside zone, but block all other traffic. Which rule configuration is correct?

19

Which Snort rule action causes the FTD to drop a packet and generate an alert?

20

A Cisco FTD device is deployed in inline mode and configured with an SSL policy to decrypt traffic. The policy uses 'Decrypt - Known Key' for traffic to an internal server. What is required for this decryption to work?

21

An organization needs to inspect traffic between two internal zones (e.g., HR and IT) on a Cisco FTD. Which deployment mode is appropriate?

22

An administrator is configuring a site-to-site IKEv2 VPN between two Cisco ASAs. Which configuration component defines the encryption and authentication algorithms for the IPsec SA?

23

What is the primary difference between signature-based and anomaly-based intrusion detection?

24

An organization deploys Cisco FTD in a high-availability pair using active/standby. If the active unit fails, what happens to existing connections?

25

A Cisco FMC administrator needs to create a file policy to detect malware in HTTP downloads. The policy should allow the file to be delivered if it is known clean, block if known malicious, and allow but capture for analysis if unknown. Which combination of actions is required?

26

Which Cisco FTD feature provides application visibility and control (AVC) to identify and block applications like Facebook or Skype?

27

An administrator configures a Cisco ASA with a DMZ interface at security level 50. Traffic from the inside (level 100) to the DMZ (level 50) is allowed by default. What additional configuration is needed to allow traffic from the DMZ to the inside?

28

A security engineer is tuning Snort rules on a Cisco FTD to reduce false positives. Which action should be taken if a rule is generating alerts for legitimate traffic?

29

An organization uses Cisco AnyConnect SSL VPN with DTLS enabled. What is the primary benefit of DTLS?

30

A network architect is designing a DMZ for a web server that must be accessible from the internet. The server should not initiate connections to the internal network. Which firewall rule best achieves this?

31

An administrator is configuring Dynamic Access Policies (DAP) on a Cisco ASA for AnyConnect VPN. Which two attributes can be used to create DAP rules? (Choose two.)

32

A Cisco FTD is configured with an access control policy that includes an intrusion policy. Which three actions can be set in an access control rule regarding intrusion inspection? (Choose three.)

33

An organization is planning to deploy Cisco FTD in a high-availability pair. Which two statements about active/active failover are true? (Choose two.)

34

A security administrator is configuring URL filtering on Cisco FTD. Which three categories are commonly used in URL filtering policies? (Choose three.)

35

An engineer is configuring a Cisco ASA for site-to-site IKEv2 VPN with a VTI. Which two statements about VTI are true? (Choose two.)

36

An engineer is configuring an ASA to allow inbound HTTP traffic from the outside to a server on the DMZ. The outside interface has security level 0 and the DMZ interface has security level 50. Which set of commands correctly implements the required access and NAT?

37

A security administrator is configuring a Cisco FTD device using FMC. The goal is to block traffic from a specific country and allow all other traffic. Which action should be taken in the access control policy?

38

On a Cisco ASA, which table holds information about translated addresses for active connections?

39

An engineer is tuning Snort signatures on a Cisco FTD to reduce false positives. A rule triggers on legitimate traffic that matches a known exploit pattern but is actually benign. Which tuning technique would be most appropriate to suppress the alerts without completely disabling the rule?

40

A company uses Cisco AnyConnect for remote access VPN. They want to allow only specific Active Directory groups to access the corporate network. Which feature on the ASA or FTD should be configured to enforce this?

41

A Cisco FTD is deployed in inline mode and is configured with a file policy to detect malware. When a file is transferred, the FTD computes a SHA-256 hash and checks it against AMP cloud. The cloud returns 'unavailable' for the hash. What action will the FTD take by default?

42

Which type of VPN on Cisco ASA is typically used for site-to-site connectivity and encrypts all traffic between two sites?

43

An organization has a Cisco ASA with two interfaces: inside (security 100) and outside (security 0). They want to allow traffic from inside to outside without NAT for a specific subnet. Which configuration achieves this?

44

A security analyst is monitoring the Cisco FMC and notices a high number of false positives from an intrusion rule that detects SQL injection attempts. The legitimate web application frequently generates similar patterns. Which course of action would reduce false positives while maintaining detection for actual attacks?

45

Which of the following is a characteristic of a stateful firewall like Cisco ASA?

46

A Cisco FTD is configured with SSL/TLS inspection using the 'decrypt-known-key' method. Which traffic can be decrypted with this method?

47

A network engineer is deploying a Cisco FTD in active/standby high availability. Which statement is true about the configuration synchronization?

48

A security administrator is deploying a Cisco ASA in a DMZ architecture. The inside interface is security 100, outside interface is security 0, and DMZ interface is security 50. Which TWO statements about traffic flow are correct?

49

A company is designing a network segmentation strategy using firewalls. Which THREE considerations are important for a defense-in-depth approach?

50

A Cisco FTD is configured with an access control policy that includes a rule to allow traffic from a specific source subnet. However, traffic is being blocked. Which TWO possible causes should be checked?

51

Which interface security level is assigned to the inside interface on a Cisco ASA by default?

52

An engineer wants to configure NAT on a Cisco ASA such that multiple internal hosts share a single public IP address when accessing the internet. Which NAT type should be used?

53

A Cisco FTD device managed by FMC is processing traffic. An access control rule is configured with the action 'Interactive Block'. What behavior does this action trigger?

54

In a Snort intrusion detection rule, which part specifies the action to take when the rule matches?

55

An organization wants to deploy Cisco Firepower in a high-availability pair with active/standby failover. Which management solution allows this configuration?

56

Which deployment mode allows a Cisco Firepower NGFW to inspect traffic without being in the direct forwarding path?

57

A network engineer is configuring a site-to-site VPN between two Cisco ASAs using IKEv2. Which component defines the encryption and hash algorithms for Phase 2?

58

An engineer observes that the Cisco ASA connection table shows a consistent number of entries for UDP traffic, but the xlate table shows no entries. What is the most likely reason?

59

Which Cisco Firepower feature uses SHA-256 hashes to determine the disposition of files and block malware?

60

On a Cisco ASA, which command applies a policy-map globally to all interfaces?

61

A Cisco FTD device is configured with an SSL decryption rule using 'Decrypt - Known Key'. In which scenario is this action appropriate?

62

In Cisco ASA modular policy framework, what is the function of a class-map?

63

A security analyst is tuning Snort IPS rules to reduce false positives. Which TWO strategies are effective?

64

An engineer is configuring a Cisco AnyConnect SSL VPN for remote access. Which TWO features are commonly used to control access based on endpoint security posture?

65

A company wants to deploy a DMZ segment accessible from the internet. Which THREE considerations are critical for firewall zone design and security?

66

An engineer is configuring a Cisco ASA to allow traffic from the inside (security level 100) to the outside (security level 0). They create an access list permitting HTTP traffic from inside to outside and apply it to the inside interface inbound. What is the expected behavior?

67

A network administrator is configuring site-to-site IPsec VPN between two Cisco ASAs using IKEv2. They want to ensure that only specific subnets are encrypted, using Virtual Tunnel Interface (VTI). Which configuration element is essential for VTI?

68

A Cisco FTD device is deployed in inline mode and is configured with an access control policy that includes an Intrusion Policy set to 'Balanced Security and Connectivity' and a File Policy with Malware & File blocking enabled. Traffic from a host inside to an external server is allowed by an access control rule. The administrator notices that a file download (PDF) is being blocked even though the file has a good reputation. What is the most likely cause?

69

An organization is deploying Cisco Firepower Threat Defense (FTD) in a high-availability (HA) pair in active/standby mode. Which statement about state synchronization is true?

70

A security analyst is reviewing Snort rule output and sees an alert with the following details: action: alert, protocol: tcp, src: any, dst: any, content: 'malicious'. What type of detection is this rule using?

71

A company uses Cisco Firepower Management Center (FMC) to manage multiple FTD devices. They want to create an access control policy that allows traffic from a specific user group (Active Directory) to access a web server on the internet, but blocks all other traffic from that group to the internet. Which identity source should be configured in FMC?

72

An engineer is configuring Dynamic Access Policy (DAP) on an ASA for AnyConnect VPN. They want to assign different access policies based on the client's anti-virus status and device posture. What must be configured to obtain this information?

73

A Cisco FTD sensor is deployed in passive mode (IDS) and is receiving traffic via a network tap. The access control policy is configured with an intrusion policy set to 'Security over Connectivity'. However, the administrator notices that the sensor is not generating alerts for some attacks that were identified by a previous inline sensor. What is the most likely reason?

74

Which NAT type on a Cisco ASA translates both the source and destination IP addresses and is typically used to allow external hosts to access internal servers?

75

A network architect is designing a DMZ for a web server farm. The ASA firewall will have three interfaces: inside (level 100), DMZ (level 50), and outside (level 0). They want to allow HTTP traffic from the internet to the DMZ web servers and also allow the web servers to initiate connections to the inside for database updates. What is the minimal ACL configuration to achieve this?

76

A Cisco FTD administrator is configuring SSL/TLS inspection. They want to inspect encrypted traffic to an external website that uses a certificate signed by a public CA. Which SSL/TLS inspection action should be used to decrypt this traffic?

77

An organization is deploying Cisco AnyConnect VPN with split tunneling. They want to ensure that only traffic destined for the corporate network goes through the VPN tunnel, while internet-bound traffic goes directly. Which configuration element on the ASA controls this?

78

Which Cisco Firepower management option is used for on-box management of a single FTD device, without a separate management center?

79

A security engineer is tuning an IPS to reduce false positives. They notice that legitimate traffic is triggering a signature for a worm that uses a specific HTTP GET request. The engineer wants to disable the signature for that specific traffic pattern but keep it enabled for other traffic. What is the best approach?

80

A Cisco FTD device is configured with an access control policy that has multiple rules. The first rule is 'Allow' for all traffic from the internal network to the internet. The second rule is 'Block' for traffic from a specific internal host to any destination. However, the administrator notices that the specific host can still access the internet. What is the most likely cause?

81

A security administrator is configuring a Cisco Firepower system for network discovery and wants to identify hosts and services on the network. Which two actions must be configured to enable network discovery? (Choose two.)

82

A company is using Cisco ASA with AnyConnect VPN. They want to implement Dynamic Access Policy (DAP) to enforce access based on device compliance. Which two attributes can DAP use to evaluate endpoint posture? (Choose two.)

83

A network engineer is configuring a Cisco ASA to use the Modular Policy Framework (MPF) for advanced traffic inspection. Which three components are part of the MPF? (Choose three.)

84

Which two actions are valid actions in a Cisco Firepower access control rule? (Choose two.)

85

A security analyst is investigating a potential intrusion and suspects that the IPS is missing some attacks (false negatives). Which two factors can contribute to false negatives in signature-based IPS? (Choose two.)

86

An engineer configures a Cisco ASA firewall with three interfaces: inside (security level 100), outside (security level 0), and DMZ (security level 50). Traffic from the inside network to the DMZ network is sourced from 10.1.1.0/24 and destined to 192.168.1.0/24. The inside interface is configured with IP 10.1.1.1, DMZ interface with IP 192.168.1.1. An ACL on the inside interface permits IP traffic from 10.1.1.0/24 to 192.168.1.0/24. What happens when a packet from 10.1.1.10 to 192.168.1.10 arrives at the inside interface?

87

A network administrator is configuring site-to-site VPN between two Cisco ASA firewalls using IKEv2. The administrator wants to ensure that the VPN tunnel uses the most secure encryption algorithm available. Which encryption algorithm should be selected in the IKEv2 proposal?

88

Which statement accurately describes the difference between signature-based and anomaly-based intrusion detection?

89

An engineer is configuring Cisco Firepower Threat Defense (FTD) in inline NGFW mode. The access control policy must block all traffic from geolocation 'North Korea' and allow all other traffic. Which type of rule should be used and in what order should it be placed?

90

In Cisco Firepower Management Center (FMC), which action in an access control rule will send a TCP RST to the source and destination and log the event?

91

A Cisco ASA is configured with dynamic PAT to translate internal addresses to a single outside IP address. A user on the inside initiates a connection to an external web server. The ASA creates a connection entry. Which table is checked first when a return packet arrives from the web server?

92

An FTD device is deployed in passive mode. Which statement about its traffic processing is true?

93

A Cisco ASA has three interfaces: inside (100), outside (0), and DMZ (50). A static NAT rule is configured to map the DMZ server 10.1.1.10 to outside address 200.1.1.10. An ACL on the outside interface permits traffic to 200.1.1.10. A host on the internet sends a packet to 200.1.1.10. What happens when the packet hits the outside interface?

94

Which of the following is a benefit of using Dynamic Access Policy (DAP) for AnyConnect SSL VPN?

95

An engineer configures a Cisco ASA in a DMZ architecture. The DMZ hosts web servers that need to be accessible from the internet. Which security level should be assigned to the DMZ interface to ensure proper traffic flow without additional ACLs for return traffic?

96

In Cisco Firepower, a file policy is configured with a rule that detects malware. The action is set to 'Malware Cloud Lookup'. What happens if the SHA-256 hash of a file is unknown to the AMP cloud?

97

Which component of a Snort rule specifies the action to take when the rule conditions are matched?

98

An engineer wants to configure high availability on a pair of Cisco Firepower Threat Defense (FTD) devices. Which HA mode supports active/standby failover with stateful replication of connection information?

99

In Cisco Firepower, an access control policy has multiple rules. Rule 1: Allow HTTP from any to any. Rule 2: Block HTTP from 10.0.0.0/8 to any. A packet from 10.0.0.1 to 192.168.1.1 with destination port 80 is inspected. What action is taken?

100

Which of the following is a characteristic of a 'false negative' in intrusion detection?

101

A network security engineer is configuring Cisco ASA for remote access VPN using AnyConnect. Which two components must be configured to enable split tunneling? (Choose two.)

102

An engineer is deploying Cisco Firepower Threat Defense (FTD) in inline mode and needs to decrypt SSL traffic for inspection. Which two methods are supported by FTD for SSL decryption? (Choose two.)

103

Which three actions are available in a Cisco Firepower access control rule? (Choose three.)

104

An engineer needs to allow inbound HTTP traffic from the internet to a web server in the DMZ on a Cisco ASA. The DMZ interface security level is 50, and the outside interface is 0. In which interface direction should the access control entry be applied?

105

A network administrator is configuring a site-to-site VPN between two Cisco ASA firewalls using IKEv2. Which component defines the encryption and authentication algorithms for the IPsec SA?

106

A security analyst notices a high number of false positives from an intrusion detection system (IDS) using signature-based detection. Which action would best reduce false positives while maintaining detection of real threats?

107

A Cisco FTD device is deployed inline and configured with an access control policy that includes a rule to block traffic from a specific source IP address. However, traffic from that IP is still passing through. What is the most likely cause?

108

On a Cisco ASA, which NAT type allows multiple internal hosts to share a single public IP address by using different source ports?

109

A company uses a Cisco FMC to manage multiple FTD devices. They want to decrypt SSL/TLS traffic from internal users to external websites using a known private key. Which SSL decryption method should they use?

110

A security engineer is configuring a Cisco FTD high availability pair in active/standby mode. Which statement is true about the failover configuration?

111

A Cisco ASA is configured with a modular policy framework to inspect HTTP traffic. The class-map matches HTTP traffic, and the policy-map applies inspection. Which command correctly applies the policy to an interface?

112

Which Cisco Firepower management option allows direct device management without a separate server, using a web interface on the FTD itself?

113

An engineer wants to block traffic from a specific country on a Cisco FTD. Which feature should be used in the access control policy?

114

A Cisco FTD is configured with a file policy to detect malware. The policy includes a rule to block files with a SHA-256 hash that is known to be malicious. Which component provides the SHA-256 disposition?

115

Which VPN technology allows Cisco AnyConnect clients to use UDP for transport to avoid TCP overhead and improve performance?

116

A Cisco FTD is deployed in a data center and needs to provide intrusion prevention and application control. Which two actions are available in an access control rule? (Choose two.)

117

An engineer is tuning an IPS on a Cisco FTD to reduce false positives. Which three techniques are effective? (Choose three.)

118

A company uses Cisco AnyConnect for remote access VPN. Which two components are used to enforce policies based on endpoint posture? (Choose two.)

119

An engineer is configuring a Cisco ASA to allow inbound HTTPS traffic from the outside to a web server on the DMZ. The outside interface has security level 0, the DMZ interface has security level 50, and the inside has security level 100. Which set of commands correctly allows the traffic considering stateful inspection?

120

A Cisco FTD device is deployed in passive mode. The security team wants to block malicious traffic without affecting legitimate traffic. Which action should be used in the access control policy rule?

121

An organization is using Cisco FMC with FTD devices. They want to detect and block malware in HTTP traffic. Which policy component must be configured to inspect files and submit SHA-256 hashes to AMP cloud for disposition?

122

Which of the following is a characteristic of anomaly-based intrusion detection compared to signature-based detection?

123

A network security engineer is configuring site-to-site IPsec VPN between two Cisco ASA firewalls using IKEv2. Which of the following configuration elements is required to define the encryption and integrity algorithms for the IPsec SA?

124

An administrator configures a Cisco ASA with the following Modular Policy Framework (MPF) commands:

class-map type inspect http match any
policy-map type inspect http http_policy
parameters
protocol-violation action reset
service-policy http_policy global

What is the result of this configuration?

125

In a Cisco FTD deployment, which management option allows on-box management without the need for a separate FMC server?


Frequently asked questions

What does the Network Security domain cover on the 350-701 exam?

The Network Security domain covers the key concepts tested in this area of the 350-701 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-701 domains — no account required.

How many Network Security questions are in the 350-701 question bank?

The Courseiva 350-701 question bank contains 125 questions in the Network Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Network Security for 350-701?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Network Security questions for 350-701?

Yes — the session launcher on this page draws questions exclusively from the Network Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
