
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Security Concepts

Practice 350-701 Security Concepts questions with full explanations on every answer.


350-701 Domains

Security Concepts
Network Security
Endpoint Security and Identity
Cloud Security
Content Security
Endpoint Protection and Detection
Secure Network Access, Visibility and Enforcement


All 350-701 Security Concepts questions (80)


1

Which security model requires that all subjects and devices are untrusted by default, and access is granted only after verification, regardless of the network location?

2

A security analyst notices unusual outbound traffic from an internal host to a known malicious IP address on TCP port 4444. The host is also exhibiting high CPU usage and running an unknown process. Which type of malware is most likely present?

3

An organization wants to ensure that digital certificates issued by its internal CA are validated for revocation in real-time. Which protocol should be implemented to allow clients to check certificate status without downloading a full CRL?

4

During a penetration test, an attacker sends a malicious payload to a web application that causes the server to execute arbitrary SQL commands on the backend database. Which type of attack is being performed?

5

A security administrator is configuring a Cisco Firepower NGFW to detect and block application-layer DDoS attacks. Which type of DDoS attack is characterized by overwhelming a server with incomplete HTTP requests, causing resource exhaustion?

6

Which cryptographic algorithm is considered deprecated and should be avoided due to known vulnerabilities, especially when used in digital signatures and certificate signing?

7

An attacker uses ARP spoofing to intercept traffic between two devices on the same subnet. After successfully becoming a man-in-the-middle, the attacker can then perform which further attack to downgrade HTTPS connections to HTTP?

8

In a PKI hierarchy, which component is responsible for issuing and revoking certificates for end entities, and is directly subordinate to the root CA?

9

A security engineer is evaluating authentication methods. Which authentication factor category does a fingerprint scanner fall under?

10

Which Cisco security product is primarily designed to provide DNS-layer security by blocking requests to malicious domains?

11

A network administrator is configuring an ASA to enforce that traffic between two internal zones must be inspected by the firewall. Which security principle is being applied?

12

An attacker performs a DNS cache poisoning attack on a recursive DNS server. What is the primary impact of this attack?

13

A security analyst is investigating a potential insider threat. Which TWO indicators are most commonly associated with malicious insider activity? (Choose two.)

14

A company is implementing a Zero Trust architecture. Which THREE principles are core to the Zero Trust model? (Choose three.)

15

A network engineer is tasked with securing email communications. Which TWO Cisco products are specifically designed for email security? (Choose two.)

16

A security analyst is reviewing logs and sees multiple failed login attempts from a single IP address, followed by a successful login. Which type of attack does this represent?

17

An organization wants to implement a security model where no user or device is trusted by default, regardless of whether they are inside or outside the network perimeter. Which concept does this describe?

18

A security engineer is configuring a Cisco Firepower NGFW to detect and block a new malware variant that communicates with a command-and-control server using encrypted DNS queries. Which Cisco security product is best suited to provide visibility into this malicious DNS traffic?

19

Which of the following is an example of a passive reconnaissance technique?

20

A company deploys a solution that uses a root certificate authority (CA) and intermediate CAs to issue certificates. What is the term for the hierarchical structure of certificates from the root CA to the end entity?

21

Which Cisco security product provides identity-based access control and policy enforcement for wired and wireless networks?

22

An attacker intercepts traffic between a client and a server and modifies the communication without either party knowing. Which type of attack is being performed?

23

Which encryption algorithm is classified as symmetric?

24

A security team implements a policy where users must provide a password and a one-time code from a mobile app. Which authentication factors are being used?

25

A Cisco ESA administrator notices that a large number of emails with malicious attachments are being delivered to users. Which feature should be configured to inspect attachments in a sandbox environment before delivery?

26

What is the primary purpose of a digital signature?

27

Which type of malware is characterized by encrypting files on a victim's system and demanding payment for the decryption key?

28

A security analyst is investigating a potential ARP spoofing attack. Which two symptoms would indicate this type of attack?

29

Which three components are part of the CIA triad?

30

A company is planning to deploy a Zero Trust architecture. Which two principles are fundamental to Zero Trust?

31

Which component of the CIA triad ensures that data is not altered by unauthorized entities during transmission?

32

An attacker uses a tool to scan a target network for open ports and running services. Which type of reconnaissance does this represent?

33

A security administrator is evaluating symmetric encryption algorithms for a new VPN deployment. Which algorithm uses a 128-bit block size and supports key sizes of 128, 192, and 256 bits?

34

Which of the following is a characteristic of a zero trust security model?

35

An employee receives an email that appears to be from the company's IT department requesting their login credentials. This is an example of which type of attack?

36

A security engineer is configuring a Cisco Firepower NGFW to detect a buffer overflow attack. Which attack vector is this?

37

What is the primary function of a Certificate Revocation List (CRL) in a PKI?

38

Which Cisco security product provides DNS-layer security to block malicious domains and cloud-based threats?

39

An organization implements multi-factor authentication requiring a password and a fingerprint scan. Which two authentication factors are being used?

40

An attacker intercepts traffic between a client and server using ARP spoofing. Which type of attack is this?

41

Which Cisco security product is primarily used for endpoint threat detection and retrospective security?

42

What is the primary purpose of a digital signature?

43

An organization is implementing a zero trust architecture. Which two principles are foundational to this model? (Choose two.)

44

A security analyst detects a DDoS attack targeting the company's web server. Which three attack types are classified as application layer attacks? (Choose three.)

45

Which three cryptographic algorithms are considered secure for use in modern systems? (Choose three.)

46

An attacker uses Shodan to discover internet-facing ICS devices and then performs banner grabbing. This is an example of which type of attack?

47

A security analyst notices traffic from an internal host to an external IP address on port 4444, and the host's CPU is high. The host has been running unknown processes. Which type of malware is most likely involved?

48

An organization implements a policy where every access request must be authenticated and authorized, even if it originates from within the internal network. Network segments are isolated, and lateral movement is restricted through microsegmentation. Which security model does this align with?

49

Which Cisco product provides DNS-layer security to block malicious domains and prevent connections to malware command-and-control servers?

50

An attacker intercepts communication between a client and server by spoofing ARP messages to associate the attacker's MAC address with the server's IP. This is an example of which type of attack?

51

A web application accepts user input and directly includes it in SQL queries without sanitization. An attacker submits a single quote (') to cause a syntax error. What is this attack called?

52

A security engineer needs to choose a hashing algorithm for storing passwords. Which of the following should be avoided due to known collision vulnerabilities?

53

Which authentication factor does a fingerprint scanner represent?

54

When a certificate is revoked, which protocol allows a client to check the revocation status in real-time without downloading a full CRL?

55

Which Cisco product provides advanced malware protection for endpoints, including file analysis and retrospective security?

56

An attacker sends a flood of SYN packets with spoofed IP addresses to a server, causing it to allocate resources for half-open connections until it can no longer accept legitimate traffic. This is which type of DDoS attack?

57

Which symmetric encryption algorithm is considered the current standard and is often used in VPNs and SSL/TLS?

58

A security analyst observes a sustained increase in traffic from many different IP addresses to a single web application, causing CPU spikes. The traffic consists of legitimate-looking HTTP GET requests for the same resource. Which TWO types of attack could this be? (Choose two.)

59

A company wants to implement a Zero Trust architecture. Which THREE principles should be included? (Choose three.)

60

A network administrator wants to deploy security products that provide network-based intrusion prevention and advanced threat detection. Which TWO Cisco products are most suitable? (Choose two.)

61

A security analyst is reviewing logs and identifies numerous ICMP echo requests from an external IP address to multiple internal hosts. Which type of reconnaissance activity is this?

62

An attacker injects a malicious SQL query into a web application's login form, bypassing authentication. Which type of exploitation is this?

63

A company's server is infected with malware that encrypts files and demands payment for decryption. Which type of malware is this?

64

Which cryptographic algorithm is a symmetric block cipher commonly used in modern VPNs and is considered secure?

65

A PKI administrator needs to check the revocation status of a certificate without causing a heavy load on the CA. Which protocol should be used?

66

Which security model mandates that access decisions should be based on context, device posture, and user identity, and never trust any entity by default?

67

An attacker intercepts ARP packets on a local network and associates their MAC address with the IP address of a legitimate host. This is an example of which attack?

68

A security engineer is evaluating Cisco solutions to detect and respond to network anomalies, including potential insider threats, by analyzing NetFlow data and behavioral patterns. Which Cisco product is best suited?

69

Which authentication factor relies on something the user is, such as a fingerprint or retina scan?

70

A company wants to protect against DNS-based attacks by filtering malicious domains and providing secure DNS resolution. Which Cisco product should be deployed?

71

During an incident response, a forensic analyst finds that an attacker used a script to modify ARP tables, enabling them to intercept and modify traffic between two hosts. Which attack technique was used?

72

Which Cisco product provides next-generation firewall (NGFW) capabilities, including application visibility and intrusion prevention?

73

A security administrator is implementing a zero-trust architecture. Which two principles are core to the zero-trust model? (Choose two.)

74

An organization is experiencing a DDoS attack that floods the network with large volumes of traffic, overwhelming bandwidth. Which three types of DDoS attacks are primarily volumetric? (Choose three.)

75

A security team is investigating a breach where the attacker gained access to a server using stolen credentials. Later, the attacker moved laterally and exfiltrated data. Which three security controls would best help detect and prevent lateral movement? (Choose three.)

76

A security engineer is implementing a zero trust architecture. Which TWO principles are foundational to zero trust? (Choose two.)

77

An organization is experiencing repeated SQL injection attacks. A security analyst is tasked with recommending mitigations. Which THREE actions are most effective in preventing SQL injection? (Choose three.)

78

A network administrator is configuring PKI for secure communications. Which TWO components are essential for a public key infrastructure? (Choose two.)

79

A security analyst is investigating a malware outbreak. Analysis reveals a remote access trojan (RAT) that communicates with a command-and-control (C2) server. Which TWO behaviors are typical of a RAT? (Choose two.)

80

An organization is adopting Cisco's security portfolio. Which THREE products are correctly paired with their primary function? (Choose three.)


Frequently asked questions

What does the Security Concepts domain cover on the 350-701 exam?

The Security Concepts domain covers the key concepts tested in this area of the 350-701 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-701 domains — no account required.

How many Security Concepts questions are in the 350-701 question bank?

The Courseiva 350-701 question bank contains 80 questions in the Security Concepts domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security Concepts for 350-701?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security Concepts questions for 350-701?

Yes — the session launcher on this page draws questions exclusively from the Security Concepts domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
