Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›350-701›Objectives›Content Security
Objective 4.0

Content Security

350-701 Practice Questions

Use this page to practise Content Security questions for this certification. Focus on how the exam tests content security in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

350-701 Content Security — Key Topics

Content Security questions on this certification test your ability to deploy and manage content security concepts in scenario-based situations.

  • Core Content Security concepts and how they apply in real-world cloud scenarios.
  • How to deploy content security correctly and verify the outcome.
  • Troubleshooting content security issues by interpreting error output and system state.
  • Cloud best practices and Content Security design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Content Security

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

350-701 Content Security — Practice Questions

30 questions from this objective

Question 2mediummultiple choice
Full question →

A company uses Cisco Umbrella to enforce web security. After deploying a new policy that blocks all social media sites, users report that they cannot access a corporate Salesforce instance that uses a social login feature. Which Umbrella setting should be adjusted to resolve the issue without weakening the policy?

Question 3hardmultiple choice
Full question →

An engineer is troubleshooting a Cisco WSA that is failing to block malware downloads from a specific cloud storage website. The URL filtering policy is set to block the 'Cloud Storage' category, and the Web Reputation score is set to block scores below -5.0. Users can still download files. What is the most likely cause?

Question 4easymultiple choice
Full question →

A network administrator wants to block access to a specific URL category on the Cisco WSA but allow access to all other categories. Which action should be taken in the Access Policy?

Question 5mediummultiple choice
Full question →

An organization is using Cisco ESA to protect against email-borne threats. They notice that some phishing emails are not being caught by the anti-spam engine. The emails contain malicious URLs that are rewritten by the ESA. Which feature should be verified to ensure the rewritten URLs are properly analyzed?

Question 6hardmultiple choice
Read the full DNS explanation →

A company is deploying Cisco Umbrella to enforce security policies for remote users. They want to ensure that DNS requests from roaming clients are routed through Umbrella's DNS resolvers. However, some users are bypassing Umbrella by using third-party DNS servers like Google (8.8.8.8). Which configuration should be applied to prevent this?

Question 7easymultiple choice
Full question →

A network administrator needs to configure Cisco WSA to decrypt HTTPS traffic for inspection. What is the first step that must be completed?

Question 8mediummultiple choice
Full question →

An organization is using Cisco ESA and wants to ensure that outgoing emails containing credit card numbers are blocked before leaving the network. Which feature should be configured?

Question 9hardmultiple choice
Full question →

During a security audit, it is discovered that some malware downloads were not blocked by the Cisco WSA even though the Web Reputation score was set to block scores below -5.0. The logs show that the downloads came from sites with a reputation score of -6.2. What is the most likely reason the downloads were not blocked?

Question 10mediummulti select
Full question →

Which TWO actions are best practices when configuring a Cisco WSA to block malicious websites? (Choose two.)

Question 11hardmulti select
Read the full DNS explanation →

Which THREE features are available in Cisco Umbrella to protect against DNS-based threats? (Choose three.)

Question 12easymulti select
Full question →

Which TWO benefits does the Cisco ESA provide for email security? (Choose two.)

Question 13hardmultiple choice
Full question →

A user in the Engineering group reports that they cannot access a banking website (https://www.examplebank.com). The website is categorized as 'Financial' by the WSA. Based on the exhibit, what is the most likely cause?

Exhibit

Refer to the exhibit.

ciscowsa# show accesspolicy detail PolicyName: Engineering
  Policy: Engineering
  Identification Profiles: Engineering_IP
  User Identification: Transparent
  
  Web Reputation:
    Action: Block
    Threshold: -6.0
  
  URL Filtering:
    Category: Malware
      Action: Block
    Category: Phishing
      Action: Block
    Category: Social Networking
      Action: Monitor
  
  Malware Scanning:
    Action: Scan
    File Types: exe, dll, zip, jar
  
  HTTPS Decryption:
    Action: Decrypt
    Bypass Categories: Financial, Health
Question 14mediummultiple choice
Full question →

An email administrator sees the above log entry in the Cisco ESA. What will happen to the email?

Exhibit

Refer to the exhibit.

log: "Message 12345 from 192.0.2.10 to user@domain.com: DLP violation: Credit card pattern detected. Policy: 'Block Credit Cards' Action: Quarantine"
Question 15mediummultiple choice
Read the full DNS explanation →

A multinational company has recently deployed Cisco Umbrella for DNS-layer security across all offices. The security team receives reports that users in the Asia-Pacific region cannot access a critical cloud-based CRM application (crm.company.com). The CRM is hosted by a third-party provider and uses a custom domain. The Umbrella dashboard shows that DNS requests for crm.company.com are being blocked with the reason 'Cisco Umbrella Intelligence Feed: Blocked Domain'. The domain is not part of any standard security category. The IT team has verified that the domain is legitimate and necessary for business operations. What should the administrator do to restore access while maintaining security?

Question 16hardmultiple choice
Full question →

A university is using Cisco WSA to filter web traffic for its students and staff. The WSA is configured with transparent proxy mode and uses Active Directory for authentication. Recently, the IT department received complaints that some users cannot access certain educational websites that are correctly categorized as 'Education'. The WSA policy has a default rule that blocks all categories except those explicitly allowed. The 'Education' category is set to 'Allow'. However, affected users are shown a block page with the reason 'Web Reputation: Low Reputation'. The Web Reputation threshold is set to -5.0. The IT team checked the reputation scores of the blocked sites and found they are around -4.5. What is the most likely reason for the block?

Question 17mediummultiple choice
Full question →

A company is deploying Cisco Web Security Appliance (WSA) to enforce acceptable use policies. Users report that some legitimate websites are being blocked incorrectly. The security team wants to allow these sites while still blocking known malware sites. Which action should the administrator take?

Question 18hardmultiple choice
Full question →

A network administrator is troubleshooting an issue where users cannot send emails with attachments larger than 10 MB through the Cisco Email Security Appliance (ESA). The ESA is configured with a mail flow policy that has a maximum message size of 20 MB. What is the most likely cause of the issue?

Question 19easymultiple choice
Read the full DNS explanation →

A company uses Cisco Umbrella to protect its remote users. The security team notices that some users are able to bypass Umbrella by using a different DNS resolver. Which deployment method ensures that all DNS traffic is forced through Umbrella?

Question 20hardmultiple choice
Full question →

A security engineer is configuring Cisco Web Security Appliance (WSA) to block access to social media sites during business hours. The company wants to allow access to LinkedIn for the HR department. Which policy configuration approach should the engineer use?

Question 21mediummulti select
Full question →

A company is deploying Cisco Email Security Appliance (ESA) to protect against phishing attacks. The security team wants to implement two security features to detect malicious URLs in emails. Which two features should be enabled? (Choose two.)

Question 22hardmultiple choice
Full question →

A network administrator configures the above policy on a Cisco Firepower Threat Defense (FTD) device. Users report that they cannot access the login page at https://www.example.com/login. What is the most likely cause?

Exhibit

Refer to the exhibit.

policy-map type inspect http OUTSIDE_INSPECT
  match request header host header-value ".*malicious.*"
  reset
  match request body regex ".*malware.*"
  reset
  match request uri regex ".*evil.*"
  reset
!
class-map type inspect http match-all HTTP_CLASS
  match request header host header-value ".*example.com.*"
  match request uri regex ".*login.*"
!
policy-map type inspect http INSIDE_INSPECT
  class HTTP_CLASS
  inspect
!
Question 23hardmultiple choice
Read the full DNS explanation →

You are a security engineer for a multinational corporation with 5,000 employees. The company uses Cisco Umbrella for DNS-layer security, Cisco Web Security Appliance (WSA) for proxy services in the data center, and Cisco Email Security Appliance (ESA) for email security. Recently, the security team has received multiple reports of users receiving phishing emails that bypass the ESA. The emails contain links to malicious websites that are also not blocked by Umbrella or WSA. Upon investigation, you find that the phishing emails use newly registered domains (less than 24 hours old) and the malicious websites are hosted on cloud infrastructure with frequently changing IP addresses. The company's current security policies rely on signature-based detection and static blocklists. Which action should you take to most effectively mitigate these threats?

Question 24mediummulti select
Full question →

Which TWO actions are recommended best practices for securing web traffic using Cisco Umbrella?

Question 25hardmultiple choice
Full question →

Refer to the exhibit. An administrator sees that the file invoice_2024.exe was blocked by both Cisco AMP and ESA. However, a user claims the attachment was delivered. What is the most likely cause?

Exhibit

Refer to the exhibit.

Malware Event: 2024-03-15 10:23:45 UTC
File Name: invoice_2024.exe
SHA256: a1b2c3d4e5f6...
Score: 100 (Cisco AMP)
Disposition: Malicious

Syslog from ESA:
Mar 15 10:23:45 mail.esa.cisco.com CEF:0|Cisco|Email Security Appliance|13.0|ESA|EMAIL_MALWARE|5|act=blocked dvc=10.1.1.10 dst=192.168.1.100 msg=Attachment blocked: invoice_2024.exe cn1Label=AMP Verdict cn1=100 cs4Label=File SHA256 cs4=a1b2c3d4e5f6...
Question 26easymultiple choice
Full question →

A company with 500 employees uses Cisco Web Security Appliance (WSA) as a proxy. They have a policy to block access to social media sites during working hours (9 AM - 5 PM) for all users except the marketing team. The marketing team must have unrestricted access at all times. The WSA is configured with a time-based access policy that blocks the 'Social Networking' category from 9 AM to 5 PM, and an identity policy that identifies the marketing team by Active Directory group. However, marketing users report that they are blocked from social media during working hours. What is the most likely cause?

Question 27mediumdrag order
Read the full DNS explanation →

Drag and drop the steps to implement Cisco Umbrella (formerly OpenDNS) for DNS-layer security in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 28mediummatching
Read the full VPN explanation →

Match each VPN type to its characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Connects entire networks over the internet

Allows individual users to connect securely

Uses web browser for clientless access

Provides encrypted tunnels using IPsec

Dynamic multipoint VPN for hub-and-spoke topologies

Question 29mediummultiple choice
Full question →

A company uses Cisco WSA to proxy web traffic. After configuring a decryption policy to inspect HTTPS traffic to a specific external site, users report they can still access the site without any warning or interruption. Which action should the administrator take to ensure HTTPS inspection is applied?

Question 30easymultiple choice
Full question →

A network administrator is configuring Cisco Email Security Appliance (ESA) to prevent outgoing spam. The company wants to ensure that all outgoing emails contain a legal disclaimer and that any email with more than 20 recipients is delayed. Which two features should be combined?

Question 31hardmultiple choice
Full question →

An enterprise is deploying a hybrid email security solution using Cisco Email Security Appliance (ESA) on-premises and Cisco Cloud Email Security (CES). The organization wants to use the cloud for spam filtering while the on-premises ESA handles DLP and encryption for sensitive data. Inbound emails should be processed by the cloud first, then sent to the on-premises ESA. Which architecture correctly implements this requirement?

More Content Security questions available in the full practice test.

Continue Practising →
←

Previous objective

Cloud Security

All 350-701 Objectives

  • 1.Security Concepts
  • 2.Network Security
  • 3.Cloud Security
  • 4.Content Security