Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Endpoint Security and Identity practice sets

350-701 Endpoint Security and Identity • Complete Question Bank

350-701 Endpoint Security and Identity — All Questions With Answers

Complete 350-701 Endpoint Security and Identity question bank — all 0 questions with answers and detailed explanations.

125
Questions
Free
No signup
Certifications/350-701/Practice Test/Endpoint Security and Identity/All Questions
Question 1easymultiple choice
Read the full Endpoint Security and Identity explanation →

A network administrator wants to deploy Cisco AMP for Endpoints to protect endpoints. Which feature allows the detection of a file that was initially deemed benign but later discovered to be malicious?

Question 2mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An engineer is configuring Cisco ISE for 802.1X authentication. The organization has a mix of devices, including some that do not support 802.1X supplicants. Which method should the engineer use to allow these non-supplicant devices to authenticate?

Question 3hardmultiple choice
Read the full Endpoint Security and Identity explanation →

During a security incident, a SOC analyst notices that a malicious file was executed on an endpoint. Using Cisco AMP for Endpoints, which feature should the analyst use to visualize the file's propagation and activities across the network over time?

Question 4mediummultiple choice
Read the full DHCP explanation →

In Cisco ISE, profiling is used to identify device types. Which probe must be enabled for ISE to determine the operating system of a device by analyzing DHCP options?

Question 5easymultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to enforce endpoint posture compliance before granting network access. In Cisco ISE, which component performs the actual checks on the endpoint to verify antivirus status and patch levels?

Question 6mediummultiple choice
Read the full VPN explanation →

A security engineer is configuring Duo for VPN authentication with AnyConnect. Which authentication factor does Duo provide in addition to the user's primary credentials?

Question 7hardmultiple choice
Open the full VLAN trunking answer →

In a Cisco ISE deployment, after a device passes posture assessment, ISE needs to dynamically change the VLAN assignment for the device. Which protocol or feature enables ISE to send a new authorization policy to the network access device without requiring the endpoint to reauthenticate?

Question 8easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which component in the 802.1X architecture is responsible for relaying authentication messages between the client and the authentication server?

Question 9mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization uses Cisco AMP for Endpoints and wants to perform a remote investigation on an infected endpoint. The security analyst needs to isolate the endpoint from the network while collecting forensic data. Which AMP feature should be used?

Question 10hardmultiple choice
Read the full Endpoint Security and Identity explanation →

In Cisco ISE, which protocol is used for EAP-TLS authentication, and what is the primary requirement for the client to successfully authenticate?

Question 11mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A company wants to implement privileged access management (PAM) to secure administrative credentials. They need a solution that provides just-in-time access and session recording. Which product integrated with Cisco SecureX can fulfill these requirements?

Question 12hardmultiple choice
Read the full Endpoint Security and Identity explanation →

In Cisco AMP for Endpoints, which technology prevents exploit techniques such as code injection and memory corruption at runtime without relying on signatures?

Question 13mediummulti select
Read the full Endpoint Security and Identity explanation →

A network administrator is configuring Cisco ISE for guest access. The company requires a solution where guests can create their own accounts and receive network access after a sponsor approves. Which two components must be configured? (Choose two.)

Question 14hardmulti select
Read the full Endpoint Security and Identity explanation →

An organization wants to deploy endpoint hardening measures. Which three of the following are considered endpoint hardening techniques? (Choose three.)

Question 15easymulti select
Read the full Endpoint Security and Identity explanation →

An administrator is configuring Cisco ISE profiling using Device Sensor. Which two types of information can the Device Sensor collect from endpoints? (Choose two.)

Question 16mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security engineer is deploying Cisco AMP for Endpoints in an organization. To ensure that any malicious file that was initially allowed but later determined to be malicious can be traced, which feature should be used?

Question 17mediummultiple choice
Read the full Endpoint Security and Identity explanation →

During 802.1X authentication, which component acts as the intermediary that forwards authentication requests between the client and the authentication server?

Question 18hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A network administrator needs to provide network access to a legacy printer that does not support 802.1X. Which Cisco ISE feature should be used to authenticate this device?

Question 19mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization uses Cisco ISE for network access control. After a user authenticates via 802.1X, a posture assessment determines that the user's antivirus definitions are outdated. What ISE feature can be used to dynamically restrict the user's network access until the issue is resolved?

Question 20easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which Cisco security product provides multi-factor authentication through push notifications, TOTP, and hardware tokens?

Question 21mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst wants to investigate a remote endpoint that is suspected of being compromised. Using Cisco AMP for Endpoints, which capability allows the analyst to run commands on the endpoint and perform live analysis?

Question 22hardmultiple choice
Read the full Endpoint Security and Identity explanation →

In a Cisco TrustSec deployment, after successful authentication, ISE assigns a Security Group Tag (SGT) to the user. Which protocol is used to propagate the SGT to the network devices for policy enforcement?

Question 23easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which Cisco ISE probe is used to identify the operating system and open ports of an endpoint by actively scanning it?

Question 24hardmultiple choice
Read the full Endpoint Security and Identity explanation →

An organization is implementing privileged access management (PAM) with Cisco SecureX and CyberArk. Which feature allows administrators to grant temporary elevated privileges for a specific task, after which the privileges are automatically revoked?

Question 25mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A network engineer is configuring 802.1X on a switch port that connects to a VoIP phone and a PC behind the phone. Which authentication method should be used to authenticate both devices separately?

Question 26easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which EAP method used with 802.1X requires a client-side certificate for authentication?

Question 27mediummultiple choice
Read the full Endpoint Security and Identity explanation →

Cisco ISE posture assessment requires that endpoints meet certain security requirements before being granted network access. Which of the following is a typical posture requirement?

Question 28mediummulti select
Read the full Endpoint Security and Identity explanation →

A security administrator is configuring Cisco ISE for guest access. Which TWO components are required to allow guests to self-register and obtain network access? (Choose two.)

Question 29hardmulti select
Read the full Endpoint Security and Identity explanation →

A company wants to deploy endpoint hardening measures to prevent unauthorized applications from executing. Which THREE techniques are commonly used for application control? (Choose three.)

Question 30mediummulti select
Read the full Endpoint Security and Identity explanation →

An organization is deploying Cisco Duo for multi-factor authentication. Which TWO authentication methods can be used with Duo? (Choose two.)

Question 31easymultiple choice
Read the full Endpoint Security and Identity explanation →

An engineer is configuring Cisco Secure Endpoint (AMP) connectors. Which deployment is supported for the macOS platform?

Question 32mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst notices that a file previously marked as 'clean' on an endpoint was later determined to be malicious. Using Cisco Secure Endpoint, which feature allows the analyst to see the propagation of that file across the system and understand its impact?

Question 33mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to deploy 802.1X for network access control. Which component is responsible for forwarding authentication requests from the endpoint to the authentication server?

Question 34hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A network administrator is configuring Cisco ISE to authenticate devices that do not support 802.1X supplicant software. Which authentication method should be used for these non-supplicant devices?

Question 35mediummultiple choice
Read the full DHCP explanation →

Cisco ISE performs profiling to identify device type. Which probe collects information by querying the device's MAC address OUI and DHCP options?

Question 36mediummultiple choice
Open the full VLAN trunking answer →

An administrator wants to dynamically change the VLAN assignment for a user after a posture assessment determines that the endpoint is missing a critical patch. Which ISE feature accomplishes this?

Question 37easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which Cisco Duo authentication method involves a one-time code generated by a hardware token?

Question 38hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security engineer is investigating a suspicious process on an endpoint. Using Cisco Secure Endpoint, which EDR capability allows the engineer to isolate the process and prevent it from executing further?

Question 39mediummultiple choice
Read the full Endpoint Security and Identity explanation →

Which protocol does Cisco ISE use to communicate with network devices for 802.1X authentication?

Question 40easymultiple choice
Read the full Endpoint Security and Identity explanation →

An organization is implementing privileged access management (PAM) using Cisco SecureX and CyberArk. Which PAM capability provides temporary elevated access that is automatically revoked after a set period?

Question 41hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A Cisco ISE administrator is configuring guest access with a sponsor portal. Which type of guest account requires approval from a sponsor before network access is granted?

Question 42mediummultiple choice
Read the full Endpoint Security and Identity explanation →

Which EAP method used with 802.1X provides certificate-based mutual authentication and is commonly used with Cisco ISE?

Question 43mediummulti select
Read the full Endpoint Security and Identity explanation →

A security analyst is configuring Cisco Secure Endpoint (AMP) to detect and respond to threats. Which TWO features are part of the Exploit Prevention capability? (Choose two.)

Question 44hardmulti select
Read the full Endpoint Security and Identity explanation →

An engineer is deploying Cisco ISE for posture assessment. Which THREE conditions can ISE check during posture assessment before granting full network access? (Choose three.)

Question 45mediummulti select
Read the full VPN explanation →

An organization wants to implement multi-factor authentication (MFA) for VPN access using Cisco AnyConnect and Duo. Which TWO authentication factors can Duo provide? (Choose two.)

Question 46easymultiple choice
Read the full Endpoint Security and Identity explanation →

A security administrator notices that a file initially classified as 'unknown' by Cisco AMP for Endpoints has been later determined to be malicious. Which Cisco AMP feature allows the administrator to see the file's propagation and impacts across endpoints?

Question 47mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An engineer is configuring Cisco ISE for 802.1X authentication. The network has many printers and IP phones that do not support 802.1X supplicant software. Which ISE feature should be used to allow these devices to authenticate?

Question 48mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst needs to enforce that all endpoints have antivirus software running and are up-to-date with patches before granting full network access. Which Cisco ISE feature should be used to enforce this policy?

Question 49hardmultiple choice
Open the full VLAN trunking answer →

An organization deploys Cisco ISE for network access control. After successful 802.1X authentication, a user's device is found to be missing critical patches via posture assessment. The administrator wants to dynamically move the user to a remediation VLAN without requiring the user to reconnect. Which ISE capability enables this?

Question 50mediummultiple choice
Read the full VPN explanation →

A company wants to implement two-factor authentication for remote VPN access using Cisco AnyConnect. They need a solution that supports push notifications to a mobile app. Which Cisco product meets this requirement?

Question 51easymultiple choice
Read the full Endpoint Security and Identity explanation →

In a Cisco ISE 802.1X deployment, which component acts as the authenticator?

Question 52mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security engineer is configuring Cisco AMP for Endpoints to protect against memory injection attacks. Which feature should be enabled to block exploits that attempt to inject malicious code into legitimate processes?

Question 53hardmultiple choice
Read the full Endpoint Security and Identity explanation →

During a security incident, an analyst needs to isolate a compromised endpoint and perform remote forensic analysis using Cisco AMP for Endpoints. Which capability allows the analyst to execute commands on the endpoint remotely?

Question 54mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to implement privileged access management (PAM) for critical servers. They require just-in-time access and session recording. Which solution integrates with Cisco SecureX to provide these capabilities?

Question 55easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which authentication protocol is used in Cisco ISE for certificate-based 802.1X authentication?

Question 56mediummultiple choice
Read the full DHCP explanation →

A network administrator configures Cisco ISE to identify devices by analyzing DHCP requests, HTTP user agents, and SNMP queries. Which ISE feature is being used?

Question 57hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security team wants to enforce application whitelisting on endpoints to prevent unauthorized software execution. Which Cisco AMP for Endpoints feature can be used to implement this control?

Question 58mediummulti select
Read the full Endpoint Security and Identity explanation →

A company deploys Cisco ISE for network access control. They need to allow guests to access the internet via a self-registration portal. Which two components must be configured? (Choose two.)

Question 59hardmulti select
Read the full Endpoint Security and Identity explanation →

An organization wants to deploy endpoint hardening measures. Which three capabilities are provided by Cisco AMP for Endpoints as part of EDR (Endpoint Detection and Response)? (Choose three.)

Question 60mediummulti select
Read the full Endpoint Security and Identity explanation →

A network engineer is troubleshooting 802.1X authentication failures. Which two components are required for a successful 802.1X authentication? (Choose two.)

Question 61easymultiple choice
Read the full Endpoint Security and Identity explanation →

A security administrator notices that a file initially classified as 'unknown' by Cisco AMP for Endpoints was later determined to be malicious after execution. Which feature allows the administrator to see the file's propagation and impact on endpoints?

Question 62mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to provide network access to guest users through Cisco ISE. Guests must register themselves and accept an acceptable use policy before gaining internet-only access. Which guest access method should be configured?

Question 63mediummultiple choice
Open the full VLAN trunking answer →

In a Cisco ISE deployment, a network administrator needs to dynamically change the VLAN assignment for an endpoint after a posture assessment determines that the endpoint is non-compliant. Which ISE feature enables this dynamic change without re-authentication?

Question 64hardmultiple choice
Read the full DHCP explanation →

Cisco ISE is performing profiling on a network. It receives a DHCP request from a device with vendor class identifier 'MSFT 5.0' and an HTTP user-agent 'Mozilla/5.0 (Windows NT 10.0)'. Which probes are most likely used to collect this information?

Question 65easymultiple choice
Read the full VPN explanation →

An organization wants to enforce multi-factor authentication for remote VPN access. Cisco AnyConnect is used as the VPN client. Which Cisco product integrates with AnyConnect to provide MFA capabilities such as push notifications and one-time passwords?

Question 66mediummultiple choice
Study the full AAA explanation →

A network engineer is troubleshooting 802.1X authentication on a Cisco switch. Users report that they cannot authenticate. The engineer verifies that the switch (authenticator) is configured correctly and the RADIUS server (ISE) is reachable. Which component is most likely misconfigured on the client side?

Question 67hardmultiple choice
Read the full Endpoint Security and Identity explanation →

During a security incident, an analyst uses Cisco AMP for Endpoints to remotely investigate a compromised endpoint. The analyst needs to isolate the endpoint from the network while preserving the ability to continue the investigation. Which AMP action should be taken?

Question 68easymultiple choice
Read the full Endpoint Security and Identity explanation →

A company wants to implement network access control for IoT devices that do not support 802.1X. Which Cisco ISE feature can be used to grant these devices network access based on their MAC address?

Question 69mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization requires that endpoints must have antivirus running and up-to-date patches before being granted full network access. Cisco ISE is used for authentication. Which ISE component enforces these requirements?

Question 70hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security engineer is configuring Cisco ISE for 802.1X authentication using EAP-TLS. What must be deployed on the endpoints to support this authentication method?

Question 71mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A company uses Cisco AMP for Endpoints and wants to deploy it on mobile devices running iOS and Android. Which deployment method is supported for these platforms?

Question 72easymultiple choice
Read the full Endpoint Security and Identity explanation →

Cisco ISE is configured to assign Security Group Tags (SGTs) to endpoints based on their identity. This is part of which Cisco security architecture?

Question 73mediummulti select
Read the full Endpoint Security and Identity explanation →

A security analyst is investigating an alert from Cisco AMP for Endpoints. The analyst wants to perform remote actions on the endpoint. Which TWO actions are available in AMP for Endpoints? (Choose two.)

Question 74hardmulti select
Read the full Endpoint Security and Identity explanation →

A company is deploying Cisco ISE for network access control. They need to authenticate devices that do not support 802.1X, such as printers and IP phones. Which TWO methods can be used to authenticate these devices? (Choose two.)

Question 75hardmulti select
Read the full Endpoint Security and Identity explanation →

An organization wants to implement Privileged Access Management (PAM) using Cisco SecureX and CyberArk. Which THREE capabilities are typically associated with PAM solutions? (Choose three.)

Question 76easymultiple choice
Read the full Endpoint Security and Identity explanation →

A security administrator is implementing Cisco AMP for Endpoints and wants to identify files that were initially allowed but later determined to be malicious. Which feature allows the administrator to see the propagation of such a file across the environment?

Question 77mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An engineer is configuring Cisco ISE for 802.1X authentication in a corporate network. A printer that does not support 802.1X needs to be granted network access. Which method should the engineer use to authenticate the printer?

Question 78hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst discovers that an endpoint was infected by a file that initially received a 'clean' disposition from Cisco AMP. The analyst needs to identify all other endpoints that executed the same file and examine their trajectory. Which approach should be used to find these endpoints in the AMP console?

Question 79mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A network administrator is configuring Cisco ISE profiling to identify devices on the network. Which probe allows ISE to identify device type by analyzing the HTTP User-Agent string?

Question 80mediummultiple choice
Open the full VLAN trunking answer →

An organization uses Cisco ISE to enforce posture compliance. After a user's machine is patched, ISE sends a command to the switch to reclassify the endpoint from a restricted VLAN to a full-access VLAN. Which ISE feature accomplishes this?

Question 81easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which component in an 802.1X deployment is responsible for relaying authentication messages between the client and the authentication server?

Question 82mediummultiple choice
Read the full VPN explanation →

A company deploys Cisco Duo for multi-factor authentication to protect VPN access. Employees use AnyConnect to connect to the corporate network. After entering their credentials, they receive a push notification on their mobile device. Which Duo authentication method is being used?

Question 83hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security team is implementing Privileged Access Management (PAM) using CyberArk integrated with Cisco SecureX. They need to provide just-in-time access to a critical server for a specific task, with automatic password rotation after use. Which PAM capability addresses this requirement?

Question 84easymultiple choice
Read the full Endpoint Security and Identity explanation →

An endpoint security engineer wants to protect against memory injection attacks on endpoints running Windows. Which Cisco AMP feature should be enabled?

Question 85mediummultiple choice
Read the full wireless explanation →

A network engineer is configuring Cisco ISE for wireless 802.1X authentication. The company wants to use certificate-based authentication for all corporate devices. Which EAP method should be configured?

Question 86hardmultiple choice
Read the full Endpoint Security and Identity explanation →

An organization uses Cisco ISE with TrustSec to assign Security Group Tags (SGTs) to endpoints based on their role. An endpoint initially receives an SGT for 'Employees' but after a posture check reveals missing antivirus updates, ISE changes the SGT to 'Quarantine'. Which ISE feature dynamically updates the SGT?

Question 87mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst needs to investigate a potential breach on an endpoint running Cisco AMP. The analyst wants to remotely execute commands to gather forensic data and potentially isolate the endpoint from the network. Which Cisco AMP EDR capability should the analyst use?

Question 88mediummulti select
Read the full Endpoint Security and Identity explanation →

A network administrator is deploying Cisco ISE for network access control. The administrator needs to profile devices that connect to the network. Which TWO probes can be used to gather information for device profiling? (Choose two.)

Question 89hardmulti select
Read the full Endpoint Security and Identity explanation →

A security team is implementing endpoint hardening measures. They want to ensure that only approved applications can run, monitor for suspicious behavior, and have the ability to isolate processes if needed. Which THREE Cisco AMP features should they enable? (Choose three.)

Question 90easymulti select
Read the full Endpoint Security and Identity explanation →

An administrator is configuring Cisco Duo for multi-factor authentication. Which THREE authentication methods can Duo provide to users? (Choose three.)

Question 91mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst notices that a file that was initially allowed by Cisco AMP for Endpoints has later been determined to be malicious. The analyst needs to investigate the file's propagation across endpoints. Which Cisco AMP feature should the analyst use to view the timeline of events?

Question 92mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to deploy Cisco ISE to authenticate devices that do not support 802.1X supplicant software, such as printers and IoT sensors. Which authentication method should be configured on the switch port to allow these devices network access?

Question 93hardmultiple choice
Open the full VLAN trunking answer →

A network administrator is configuring Cisco ISE for posture assessment. A Windows laptop connects to the network and passes 802.1X authentication. ISE then checks if the antivirus software is running and if the OS patches are up to date. If the posture check fails, ISE should dynamically restrict the endpoint to a remediation VLAN. Which mechanism allows ISE to change the VLAN assignment after authentication without requiring the user to reauthenticate?

Question 94easymultiple choice
Read the full VPN explanation →

An organization wants to enforce multi-factor authentication (MFA) for VPN access using Cisco AnyConnect. Which Cisco product integrates with AnyConnect to provide MFA via push notifications or one-time passwords?

Question 95mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security engineer is deploying Cisco AMP for Endpoints and wants to ensure that the client can detect and block memory injection attacks. Which AMP feature should be enabled to provide this protection?

Question 96hardmultiple choice
Read the full DHCP explanation →

A network administrator is configuring Cisco ISE for device profiling. The goal is to identify the type of device (e.g., Windows PC, iPhone, printer) connecting to the network. Which probe should be used to gather the DHCP option 60 (vendor class identifier) and option 12 (hostname) information?

Question 97easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which 802.1X component is responsible for enforcing access control on the network and relaying authentication messages between the client and the authentication server?

Question 98mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization uses Cisco ISE for guest access. They want to allow guests to create their own accounts through a web portal while requiring approval from a sponsor before network access is granted. Which guest access method should be configured?

Question 99hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst is investigating an incident on an endpoint protected by Cisco AMP. The analyst needs to isolate the compromised process and prevent it from communicating with other processes or the network. Which EDR capability should be used to achieve this?

Question 100easymultiple choice
Read the full Endpoint Security and Identity explanation →

Which Cisco product provides privileged access management (PAM) capabilities such as just-in-time access, session recording, and password vaulting through integration with CyberArk?

Question 101mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A network administrator is configuring 802.1X on a Cisco switch for corporate Windows laptops. The organization uses certificates for authentication. Which EAP method should be configured on the supplicant and ISE to provide certificate-based mutual authentication?

Question 102mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to deploy endpoint hardening by allowing only approved applications to run. Which technology should be implemented to achieve this?

Question 103mediummulti select
Read the full Endpoint Security and Identity explanation →

A network engineer is configuring Cisco ISE to assign Security Group Tags (SGTs) to endpoints based on their identity and role. Which two components are required for TrustSec SGT classification and enforcement? (Choose two.)

Question 104hardmulti select
Read the full Endpoint Security and Identity explanation →

A security analyst needs to investigate a potential breach on an endpoint. Cisco AMP for Endpoints provides several EDR capabilities. Which three actions can the analyst perform using AMP's EDR features? (Choose three.)

Question 105mediummulti select
Read the full Endpoint Security and Identity explanation →

An organization wants to implement multi-factor authentication (MFA) for administrative access to network devices. Which two methods can be used with Cisco Duo to provide MFA for admin access? (Choose two.)

Question 106easymultiple choice
Read the full Endpoint Security and Identity explanation →

An administrator needs to enforce 802.1X authentication for devices that do not support 802.1X supplicants. Which method should be configured on Cisco ISE to allow these devices to authenticate?

Question 107mediummultiple choice
Read the full Endpoint Security and Identity explanation →

A security analyst notices that a file initially deemed 'unknown' by Cisco AMP for Endpoints was later reclassified as 'malicious'. The analyst needs to investigate the propagation of this file across endpoints. Which Cisco AMP feature provides a timeline view of file activity and spread?

Question 108mediummultiple choice
Open the full VLAN trunking answer →

Cisco ISE is configured with posture assessment to ensure endpoints meet security requirements before gaining network access. After a posture check, ISE needs to dynamically change the VLAN assignment for a non-compliant endpoint. Which ISE feature enables this real-time change?

Question 109hardmultiple choice
Read the full VPN explanation →

A company uses Cisco ISE for network access control. They want to authenticate users connecting via VPN using multi-factor authentication. Which solution integrates with ISE to provide MFA for AnyConnect VPN?

Question 110easymultiple choice
Read the full Endpoint Security and Identity explanation →

In the 802.1X authentication process, which component is responsible for relaying authentication messages between the client and the authentication server?

Question 111mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An organization wants to grant temporary administrative access to a server for a specific task and automatically revoke the access after the task is completed. Which Cisco solution should be used?

Question 112hardmultiple choice
Read the full Endpoint Security and Identity explanation →

A security team deploys Cisco AMP for Endpoints and wants to detect and block memory injection attacks. Which AMP feature should be enabled to achieve this?

Question 113easymultiple choice
Read the full DHCP explanation →

Cisco ISE uses profiling to identify the type of device connecting to the network. Which probe helps ISE identify a device by analyzing the DHCP requests it sends?

Question 114mediummultiple choice
Read the full Endpoint Security and Identity explanation →

An administrator configures Cisco ISE for guest access with a sponsor portal. What is the primary purpose of the sponsor portal?

Question 115hardmultiple choice
Read the full Endpoint Security and Identity explanation →

An endpoint running Cisco AMP for Endpoints is suspected of being compromised. The security analyst needs to isolate the process and perform a live investigation. Which EDR capability should the analyst use?

Question 116mediummulti select
Read the full Endpoint Security and Identity explanation →

An organization uses Cisco ISE for network access control. They want to authenticate users with certificates for strong security. Which two EAP methods support certificate-based authentication? (Choose two.)

Question 117mediummulti select
Read the full Endpoint Security and Identity explanation →

Cisco ISE can profile endpoints using various probes. Which three probes are used for device profiling? (Choose three.)

Question 118easymulti select
Read the full Endpoint Security and Identity explanation →

Cisco AMP for Endpoints provides endpoint protection. Which two are core capabilities of AMP? (Choose two.)

Question 119hardmulti select
Read the full Endpoint Security and Identity explanation →

An organization wants to implement EDR capabilities for endpoints. Which three actions are typically associated with EDR? (Choose three.)

Question 120mediummulti select
Read the full Endpoint Security and Identity explanation →

Cisco TrustSec uses Security Group Tags (SGTs) for policy enforcement. Which two components are required for TrustSec to function? (Choose two.)

Question 121mediummulti select
Read the full Endpoint Security and Identity explanation →

A network administrator is deploying Cisco ISE for network access control. The network includes printers and IP phones that do not support 802.1X. Which TWO methods can be used to authenticate these devices?

Question 122hardmulti select
Read the full Endpoint Security and Identity explanation →

A security analyst is investigating a malware outbreak that occurred on endpoints protected by Cisco AMP for Endpoints. The malware was initially undetected but later identified as malicious based on new threat intelligence. Which THREE capabilities of AMP allow the analyst to trace the infection and remediate?

Question 123easymulti select
Read the full VPN explanation →

An organization wants to implement multi-factor authentication for remote VPN access using Cisco AnyConnect. Which TWO authentication methods are supported when integrating with Cisco Duo?

Question 124mediummulti select
Read the full Endpoint Security and Identity explanation →

A network engineer is configuring Cisco TrustSec on a switch to enforce segmentation. Which THREE components are required for TrustSec to assign a Security Group Tag (SGT) to a user after successful authentication via ISE?

Question 125hardmulti select
Read the full Endpoint Security and Identity explanation →

An organization is implementing Privileged Access Management (PAM) using CyberArk integrated with Cisco SecureX. Which THREE capabilities are typically provided by such a PAM solution?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

350-701 Practice Test 1 — 25 Questions→350-701 Practice Test 2 — 25 Questions→350-701 Practice Test 3 — 25 Questions→350-701 Practice Test 4 — 25 Questions→350-701 Practice Test 5 — 25 Questions→350-701 Practice Exam 1 — 20 Questions→350-701 Practice Exam 2 — 20 Questions→350-701 Practice Exam 3 — 20 Questions→350-701 Practice Exam 4 — 20 Questions→Free 350-701 Practice Test 1 — 30 Questions→Free 350-701 Practice Test 2 — 30 Questions→Free 350-701 Practice Test 3 — 30 Questions→350-701 Practice Questions 1 — 50 Questions→350-701 Practice Questions 2 — 50 Questions→350-701 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Security ConceptsNetwork SecurityEndpoint Security and IdentityCloud SecurityContent SecurityEndpoint Protection and DetectionSecure Network Access, Visibility and Enforcement

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Endpoint Security and Identity setsAll Endpoint Security and Identity questions350-701 Practice Hub