
350-701 Content Security • Complete Question Bank

350-701 Content Security — All Questions With Answers

Complete 350-701 Content Security question bank — all 0 questions with answers and detailed explanations.

85 questions · Free · No signup
Question 1 (medium, multiple choice)

A security administrator notices that a significant volume of spam is bypassing the Cisco ESA's anti-spam filters. Upon investigation, they find that the messages have a mid-range SBRS score of 5.0. Which action should the administrator take to improve spam detection?

Question 2 (hard, multiple choice)

An organization is deploying Cisco ESA and wants to ensure that outbound emails containing credit card numbers are blocked. The administrator configures a DLP policy to scan for credit card patterns. However, some legitimate emails with credit card numbers are being incorrectly blocked. What is the best approach to reduce false positives while still preventing data leakage?

Question 3 (medium, multiple choice)

A Cisco WSA administrator wants to block access to social media sites for all users during work hours. The proxy is deployed in explicit mode. Which policy type should the administrator use to enforce this restriction?

Question 4 (easy, multiple choice)

Which Cisco content security solution uses DNS to block access to malicious domains and provides cloud-based proxy protection?

Question 5 (medium, multiple choice)

An organization using Cisco WSA in transparent proxy mode with WCCP redirect notices that some HTTPS traffic is not being decrypted for inspection. The administrator has enabled SSL decryption but certain traffic still bypasses. What is the most likely cause?

Question 6 (hard, multiple choice)

A Cisco ESA administrator is investigating an increase in false positive detections from the outbreak filter. The filter is configured to use TALOS intelligence and has a threshold of 'Medium'. Which action would most effectively reduce false positives while maintaining protection against new outbreaks?

Question 7 (medium, multiple choice)

A company is implementing DMARC for its domain. The administrator wants to instruct receivers to reject emails that fail SPF or DKIM checks. Which DMARC policy should the administrator set?

Question 8 (easy, multiple choice)

Which Cisco WSA feature allows administrators to control bandwidth usage per user or group by limiting the amount of bandwidth consumed for specific applications?

Question 9 (hard, multiple choice)

A security analyst receives an alert that a user clicked a link in an email that led to a malicious website. The email was allowed by the Cisco ESA because it passed SPF, DKIM, and DMARC checks. Later analysis reveals the email was sent from a compromised account within the same domain. Which type of attack best describes this scenario?

Question 10 (medium, multiple choice)

An organization is using Cisco Firepower NGFW to enforce content filtering. They want to block social media applications like Facebook and Twitter but allow LinkedIn for business purposes. Which feature should be used to differentiate between these applications?

Question 11 (easy, multiple choice)

Which Cisco email security feature uses SHA-256 hash lookups to detect known malware in email attachments?

Question 12 (medium, multiple choice)

A company is deploying Cisco Secure Web (WSA) and wants to integrate with Active Directory for user-based policies. The proxy is in transparent mode. Which technology allows the WSA to identify users transparently without requiring client configuration?

Question 13 (medium, multi select)

An administrator is configuring Cisco ESA to protect against Business Email Compromise (BEC) attacks. Which TWO of the following features are most effective in detecting and mitigating BEC?

Question 14 (hard, multi select)

A Cisco WSA administrator needs to implement HTTPS inspection for traffic from internal users. The administrator wants to avoid decrypting traffic to financial and healthcare sites due to compliance requirements. Which THREE actions should the administrator take to configure this policy?

Question 15 (medium, multi select)

Which TWO statements about Cisco Umbrella SIG are true?

Question 16 (easy, multiple choice)

To protect against phishing attacks that use fraudulent emails to trick users into revealing credentials, which email authentication technology verifies the sending domain's DNS records for a digital signature?

Question 17 (medium, multiple choice)

An organization wants to enforce a policy that blocks outbound emails containing Social Security numbers. Which feature of Cisco ESA should be configured?

Question 18 (hard, multiple choice)

A security engineer is configuring Cisco WSA in explicit proxy mode. Which traffic interception method is being used when each endpoint browser is configured with the proxy address?

Question 19 (medium, multiple choice)

Which Cisco Umbrella feature provides protection against malicious domains by blocking DNS requests to known bad sites?

Question 20 (medium, multiple choice)

An organization wants to implement URL filtering based on user identity. The Cisco WSA must integrate with which directory service to apply policies per user or group?

Question 21 (easy, multiple choice)

Which Cisco technology uses SHA-256 file hashes to determine if a file is malicious by querying a cloud database?

Question 22 (hard, multiple choice)

A security engineer is troubleshooting an issue where users can bypass the Cisco WSA by using HTTPS. What must be enabled on the WSA to inspect encrypted traffic?

Question 23 (medium, multiple choice)

Which Cisco NGFW technology can be used to block social media categories such as Facebook and Twitter during business hours?

Question 24 (easy, multiple choice)

What is the correct order of email authentication checks recommended by Cisco?

Question 25 (medium, multiple choice)

A company receives a spear-phishing email that appears to come from the CEO requesting an urgent wire transfer. What type of email attack is this?

Question 26 (hard, multiple choice)

In Cisco ESA, which feature uses TALOS intelligence to provide real-time protection against newly identified email threats before signature updates are available?

Question 27 (easy, multiple choice)

What is the primary purpose of DMARC in email authentication?

Question 28 (medium, multi select)

A Cisco WSA administrator wants to apply different web usage policies based on user group membership. Which two methods can be used to identify users transparently? (Choose two.)

Question 29 (hard, multi select)

A SOC analyst is investigating a BEC attack. Which three indicators should be examined in the email headers to detect the spoofing? (Choose three.)

Question 30 (medium, multi select)

An organization wants to block access to malicious websites using Cisco Umbrella. Which two protection layers are available with the Umbrella SIG? (Choose two.)

Question 31 (easy, multiple choice)

An organization wants to prevent users from accessing known malicious websites. Which Cisco WSA feature should be configured to block access based on website reputation?

Question 32 (medium, multiple choice)

A security administrator receives an alert that an email with an attachment was blocked by the Cisco Email Security Appliance (ESA). The attachment was identified as malware using cloud lookup. Which technology was used to detect the threat?

Question 33 (hard, multiple choice)

An organization is implementing email authentication to prevent domain spoofing. They have deployed SPF and DKIM. Which additional record should they publish to instruct receiving mail servers on how to handle emails that fail SPF or DKIM checks?

Question 34 (medium, multiple choice)

A company wants to enforce that all outbound emails containing credit card numbers are blocked. Which Cisco ESA feature should be configured to achieve this?

Question 35 (medium, multiple choice)

A network administrator is configuring Cisco WSA to intercept web traffic transparently. Which protocol should be used to redirect traffic from the router to the WSA?

Question 36 (easy, multiple choice)

Which Cisco cloud-based security solution provides DNS-layer security to block requests to malicious domains?

Question 37 (hard, multiple choice)

An organization has deployed Cisco WSA in explicit proxy mode. Users are required to authenticate using their Active Directory credentials. Which WSA feature enables transparent user identification without requiring users to manually log in?

Question 38 (medium, multiple choice)

A security analyst notices that a user is downloading a file from a website. The Cisco WSA is configured to perform AMP file scanning. What happens when the file's SHA-256 hash is not found in the local cache?

Question 39 (easy, multiple choice)

A company wants to block social media access for employees during work hours. Which Cisco Firepower NGFW feature should be used to achieve this?

Question 40 (hard, multiple choice)

During a phishing simulation, an employee receives an email that appears to be from the CEO requesting an urgent wire transfer. This type of attack is known as:

Question 41 (medium, multiple choice)

A Cisco WSA administrator wants to prioritize bandwidth for video conferencing applications while limiting recreational streaming. Which feature should be configured?

Question 42 (medium, multiple choice)

An organization is using Cisco ESA and wants to ensure that emails sent from their domain are authenticated using a cryptographic signature. Which email authentication method should be configured?

Question 43 (medium, multi select)

Which TWO of the following are capabilities of Cisco Umbrella SIG? (Choose TWO.)

Question 44 (hard, multi select)

A security team is investigating an email threat that bypassed the Cisco ESA. The email appears to be from the CFO asking for a wire transfer. Which THREE of the following are characteristics of this attack? (Choose THREE.)

Question 45 (medium, multi select)

Which TWO of the following are valid methods for deploying Cisco WSA? (Choose TWO.)

Question 46 (medium, multiple choice)

A security engineer is configuring the Cisco ESA to block spam. The engineer wants to rely on a reputation-based system that scores senders based on global email traffic patterns. Which technology should be used?

Question 47 (easy, multiple choice)

An organization wants to prevent employees from accessing social media websites during work hours. Which Cisco WSA feature should be used to enforce this policy?

Question 48 (hard, multiple choice)

A company using Cisco ESA receives an email that appears to be from the CEO requesting an urgent wire transfer. The email fails SPF and DKIM checks but passes DMARC. What is the most likely explanation?

Question 49 (medium, multiple choice)

A network administrator wants to deploy Cisco WSA as a transparent proxy to inspect web traffic without changing browser settings. Which protocol should be used to redirect traffic to the WSA?

Question 50 (easy, multiple choice)

Which Cisco security solution provides DNS-layer security to block access to malicious domains before a connection is established?

Question 51 (medium, multiple choice)

An organization uses Cisco ESA to enforce DLP policies. Which of the following is an example of a DLP policy that can be configured on the ESA?

Question 52 (hard, multiple choice)

A SOC analyst notices that a user downloaded a malicious file from a website. The Cisco WSA is configured with AMP file scanning. However, the file was not blocked. Which scenario best explains why AMP failed to detect the file?

Question 53 (medium, multiple choice)

An administrator wants to enforce identity-based policies on Cisco WSA by integrating with Active Directory. Which method allows the WSA to identify users transparently without requiring client software?

Question 54 (easy, multiple choice)

Which Cisco technology provides visibility into the performance of SaaS applications such as Microsoft 365?

Question 55 (medium, multiple choice)

A security engineer is configuring Cisco Firepower NGFW to block social media applications. Which feature should be used to achieve this?

Question 56 (hard, multiple choice)

An organization wants to use Cisco Umbrella SIG to enforce security policy for remote users. Which deployment method allows Umbrella to inspect traffic for all ports and protocols, not just DNS?

Question 57 (medium, multiple choice)

Which email authentication method allows the domain owner to publish a policy that instructs receiving mail servers on how to handle messages that fail SPF and DKIM checks?

Question 58 (medium, multi select)

A security analyst is investigating a Business Email Compromise (BEC) attack. Which two indicators are commonly associated with BEC attacks? (Choose two.)

Question 59 (hard, multi select)

An organization is deploying Cisco WSA in explicit proxy mode. Which three considerations are important for this deployment? (Choose three.)

Question 60 (medium, multi select)

Which two Cisco solutions can be used to provide cloud-based content security including DNS-layer protection and cloud proxy? (Choose two.)

Question 61 (easy, multiple choice)

An organization wants to prevent outbound email containing credit card numbers from leaving the network. Which Cisco ESA feature should be configured?

Question 62 (medium, multiple choice)

A security engineer needs to block access to social media websites for all users except those in the HR department. The solution must integrate with Active Directory. Which Cisco WSA feature should be used?

Question 63 (hard, multiple choice)

An email administrator receives reports of a targeted phishing campaign where attackers impersonate the CEO to request wire transfers. Which Cisco ESA feature provides the best defense against this Business Email Compromise (BEC) attack?

Question 64 (medium, multiple choice)

A company uses Cisco Umbrella SIG to enforce security policies. An employee attempts to visit a website categorized as 'Phishing' but the request is allowed. What is the most likely cause?

Question 65 (easy, multiple choice)

Which Cisco technology uses SenderBase reputation scores (SBRS) to evaluate incoming email?

Question 66 (medium, multiple choice)

A network administrator wants to deploy Cisco WSA as a transparent proxy using WCCP. Which traffic redirection method does WCCP use?

Question 67 (hard, multiple choice)

During an email security audit, it is discovered that some phishing emails are passing through the Cisco ESA. Analysis shows the emails have valid SPF and DKIM signatures but are classified as phishing. What additional Cisco ESA feature should be tuned to improve detection?

Question 68 (medium, multiple choice)

A user reports slow performance when accessing cloud-based applications. Which Cisco tool provides visibility into SaaS application performance?

Question 69 (easy, multiple choice)

Which Cisco ESA feature uses SHA-256 cloud lookups to detect malware in email attachments?

Question 70 (medium, multiple choice)

An organization using Cisco Firepower NGFW wants to block all social media traffic while allowing other web traffic. Which feature should be configured?

Question 71 (hard, multiple choice)

A security engineer is configuring Cisco WSA for HTTPS inspection but notices that some encrypted traffic is being bypassed. The WSA is configured with a decryption policy that excludes traffic to financial websites. What is the most likely reason for the bypass?

Question 72 (medium, multiple choice)

Which Cisco content security solution provides DNS-layer protection and a cloud proxy to enforce security policies?

Question 73 (medium, multi select)

A security analyst notices that emails from a trusted partner's domain are being quarantined by the Cisco ESA. The analyst wants to verify the email authentication status. Which TWO authentication mechanisms should be checked?

Question 74 (hard, multi select)

An organization is deploying Cisco WSA to enforce acceptable use policies. The administrator wants to block access to social media and streaming video, while also decrypting HTTPS traffic for these categories. Which THREE configuration steps are required?

Question 75 (medium, multi select)

A company is experiencing an increase in spear-phishing attacks targeting executives. Which TWO Cisco ESA features should be configured to mitigate this threat?

Question 76 (medium, multiple choice)

A security analyst notices that a user is receiving a high volume of emails from unknown senders with links to malicious sites. The ESA is configured with Cisco TALOS threat intelligence. Which ESA feature should the analyst configure to block these emails based on the reputation of the sender before they reach the user's inbox?

Question 77 (hard, multiple choice)

A company is using Cisco WSA with explicit proxy mode. The security team wants to enforce HTTPS inspection for all web traffic from the finance department to detect malicious content in encrypted connections. However, they want to exclude traffic to financial institutions' websites due to compliance reasons. Which configuration approach should be used to achieve this?

Question 78 (easy, multiple choice)

An organization wants to protect against Business Email Compromise (BEC) attacks where attackers spoof the CEO's email address to request wire transfers. Which email authentication method is specifically designed to help prevent domain spoofing by allowing senders to specify how email that fails authentication should be handled?

Question 79 (medium, multiple choice)

A company uses Cisco Umbrella SIG to secure internet access for remote users. The security team wants to block access to social media websites but allow access to business-related websites that may share the same IP addresses. Which Umbrella feature should be used to enforce this granular control?

Question 80 (medium, multi select)

A company is deploying Cisco ESA and wants to protect against malware delivered via email attachments. Which TWO features can be used together to provide both signature-based detection and behavioral analysis?

Question 81 (hard, multi select)

An organization uses Cisco Firepower NGFW to enforce content security policies. The security team wants to block all social media traffic during business hours but allow access during lunch breaks. Additionally, they want to detect and alert on any SSL connections to unknown destinations that might indicate data exfiltration. Which THREE capabilities of the NGFW should be combined to achieve these objectives?

Question 82 (medium, multi select)

A company is using Cisco WSA with transparent proxy via WCCP. The security team wants to identify which users are accessing banned websites and also enforce bandwidth limits for video streaming. Which TWO features should be configured on the WSA?

Question 83 (easy, multi select)

An organization wants to prevent sensitive data such as credit card numbers from being sent via email. Which TWO features of Cisco ESA can be used to achieve this?

Question 84 (medium, multi select)

A company is deploying Cisco Umbrella SIG to protect against malware and phishing. The security team wants to ensure that even if a user clicks on a malicious link in an email, the traffic is inspected and blocked if needed. Which TWO features of Umbrella can be used to provide this protection?

Question 85 (hard, multi select)

A financial institution uses Cisco ESA and wants to protect against spear phishing attacks targeting executives. The security team configures DMARC with a 'reject' policy for the corporate domain. Additionally, they want to ensure that emails from external sources claiming to be from the CEO are flagged and quarantined. Which THREE security measures should be implemented?
