Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


350-701 Security Concepts • Complete Question Bank

350-701 Security Concepts — All Questions With Answers

Complete 350-701 Security Concepts question bank — all 0 questions with answers and detailed explanations.

80 Questions • Free • No signup
Question 1 • easy • multiple choice

Which security model requires that all subjects and devices are untrusted by default, and access is granted only after verification, regardless of the network location?

Question 2 • medium • multiple choice

A security analyst notices unusual outbound traffic from an internal host to a known malicious IP address on TCP port 4444. The host is also exhibiting high CPU usage and running an unknown process. Which type of malware is most likely present?

Question 3 • medium • multiple choice

An organization wants to ensure that digital certificates issued by its internal CA are validated for revocation in real-time. Which protocol should be implemented to allow clients to check certificate status without downloading a full CRL?

Question 4 • hard • multiple choice

During a penetration test, an attacker sends a malicious payload to a web application that causes the server to execute arbitrary SQL commands on the backend database. Which type of attack is being performed?

Question 5 • medium • multiple choice

A security administrator is configuring a Cisco Firepower NGFW to detect and block application-layer DDoS attacks. Which type of DDoS attack is characterized by overwhelming a server with incomplete HTTP requests, causing resource exhaustion?

Question 6 • easy • multiple choice

Which cryptographic algorithm is considered deprecated and should be avoided due to known vulnerabilities, especially when used in digital signatures and certificate signing?

Question 7 • medium • multiple choice

An attacker uses ARP spoofing to intercept traffic between two devices on the same subnet. After successfully becoming a man-in-the-middle, the attacker can then perform which further attack to downgrade HTTPS connections to HTTP?

Question 8 • hard • multiple choice

In a PKI hierarchy, which component is responsible for issuing and revoking certificates for end entities, and is directly subordinate to the root CA?

Question 9 • medium • multiple choice

A security engineer is evaluating authentication methods. Which authentication factor category does a fingerprint scanner fall under?

Question 10 • easy • multiple choice

Which Cisco security product is primarily designed to provide DNS-layer security by blocking requests to malicious domains?

Question 11 • hard • multiple choice

A network administrator is configuring an ASA to enforce that traffic between two internal zones must be inspected by the firewall. Which security principle is being applied?

Question 12 • medium • multiple choice

An attacker performs a DNS cache poisoning attack on a recursive DNS server. What is the primary impact of this attack?

Question 13 • medium • multi select

A security analyst is investigating a potential insider threat. Which TWO indicators are most commonly associated with malicious insider activity? (Choose two.)

Question 14 • hard • multi select

A company is implementing a Zero Trust architecture. Which THREE principles are core to the Zero Trust model? (Choose three.)

Question 15 • medium • multi select

A network engineer is tasked with securing email communications. Which TWO Cisco products are specifically designed for email security? (Choose two.)

Question 16 • easy • multiple choice

A security analyst is reviewing logs and sees multiple failed login attempts from a single IP address, followed by a successful login. Which type of attack does this represent?

Question 17 • medium • multiple choice

An organization wants to implement a security model where no user or device is trusted by default, regardless of whether they are inside or outside the network perimeter. Which concept does this describe?

Question 18 • hard • multiple choice

A security engineer is configuring a Cisco Firepower NGFW to detect and block a new malware variant that communicates with a command-and-control server using encrypted DNS queries. Which Cisco security product is best suited to provide visibility into this malicious DNS traffic?

Question 19 • easy • multiple choice

Which of the following is an example of a passive reconnaissance technique?

Question 20 • medium • multiple choice

A company deploys a solution that uses a root certificate authority (CA) and intermediate CAs to issue certificates. What is the term for the hierarchical structure of certificates from the root CA to the end entity?

Question 21 • medium • multiple choice

Which Cisco security product provides identity-based access control and policy enforcement for wired and wireless networks?

Question 22 • hard • multiple choice

An attacker intercepts traffic between a client and a server and modifies the communication without either party knowing. Which type of attack is being performed?

Question 23 • easy • multiple choice

Which encryption algorithm is classified as symmetric?

Question 24 • medium • multiple choice

A security team implements a policy where users must provide a password and a one-time code from a mobile app. Which authentication factors are being used?

Question 25 • hard • multiple choice

A Cisco ESA administrator notices that a large number of emails with malicious attachments are being delivered to users. Which feature should be configured to inspect attachments in a sandbox environment before delivery?

Question 26 • medium • multiple choice

What is the primary purpose of a digital signature?

Question 27 • medium • multiple choice

Which type of malware is characterized by encrypting files on a victim's system and demanding payment for the decryption key?

Question 28 • medium • multi select

A security analyst is investigating a potential ARP spoofing attack. Which two symptoms would indicate this type of attack?

Question 29 • easy • multi select

Which three components are part of the CIA triad?

Question 30 • hard • multi select

A company is planning to deploy a Zero Trust architecture. Which two principles are fundamental to Zero Trust?

Question 31 • easy • multiple choice

Which component of the CIA triad ensures that data is not altered by unauthorized entities during transmission?

Question 32 • medium • multiple choice

An attacker uses a tool to scan a target network for open ports and running services. Which type of reconnaissance does this represent?

Question 33 • hard • multiple choice

A security administrator is evaluating symmetric encryption algorithms for a new VPN deployment. Which algorithm uses a 128-bit block size and supports key sizes of 128, 192, and 256 bits?

Question 34 • easy • multiple choice

Which of the following is a characteristic of a zero trust security model?

Question 35 • medium • multiple choice

An employee receives an email that appears to be from the company's IT department requesting their login credentials. This is an example of which type of attack?

Question 36 • hard • multiple choice

A security engineer is configuring a Cisco Firepower NGFW to detect a buffer overflow attack. Which attack vector is this?

Question 37 • medium • multiple choice

What is the primary function of a Certificate Revocation List (CRL) in a PKI?

Question 38 • easy • multiple choice

Which Cisco security product provides DNS-layer security to block malicious domains and cloud-based threats?

Question 39 • medium • multiple choice

An organization implements multi-factor authentication requiring a password and a fingerprint scan. Which two authentication factors are being used?

Question 40 • hard • multiple choice

An attacker intercepts traffic between a client and server using ARP spoofing. Which type of attack is this?

Question 41 • medium • multiple choice

Which Cisco security product is primarily used for endpoint threat detection and retrospective security?

Question 42 • easy • multiple choice

What is the primary purpose of a digital signature?

Question 43 • medium • multi select

An organization is implementing a zero trust architecture. Which two principles are foundational to this model? (Choose two.)

Question 44 • hard • multi select

A security analyst detects a DDoS attack targeting the company's web server. Which three attack types are classified as application layer attacks? (Choose three.)

Question 45 • medium • multi select

Which three cryptographic algorithms are considered secure for use in modern systems? (Choose three.)

Question 46 • easy • multiple choice

An attacker uses Shodan to discover internet-facing ICS devices and then performs banner grabbing. This is an example of which type of attack?

Question 47 • medium • multiple choice

A security analyst notices traffic from an internal host to an external IP address on port 4444, and the host's CPU is high. The host has been running unknown processes. Which type of malware is most likely involved?

Question 48 • hard • multiple choice

An organization implements a policy where every access request must be authenticated and authorized, even if it originates from within the internal network. Network segments are isolated, and lateral movement is restricted through microsegmentation. Which security model does this align with?

Question 49 • easy • multiple choice

Which Cisco product provides DNS-layer security to block malicious domains and prevent connections to malware command-and-control servers?

Question 50 • medium • multiple choice

An attacker intercepts communication between a client and server by spoofing ARP messages to associate the attacker's MAC address with the server's IP. This is an example of which type of attack?

Question 51 • medium • multiple choice

A web application accepts user input and directly includes it in SQL queries without sanitization. An attacker submits a single quote (') to cause a syntax error. What is this attack called?

Question 52 • hard • multiple choice

A security engineer needs to choose a hashing algorithm for storing passwords. Which of the following should be avoided due to known collision vulnerabilities?

Question 53 • easy • multiple choice

Which authentication factor does a fingerprint scanner represent?

Question 54 • medium • multiple choice

When a certificate is revoked, which protocol allows a client to check the revocation status in real-time without downloading a full CRL?

Question 55 • medium • multiple choice

Which Cisco product provides advanced malware protection for endpoints, including file analysis and retrospective security?

Question 56 • hard • multiple choice

An attacker sends a flood of SYN packets with spoofed IP addresses to a server, causing it to allocate resources for half-open connections until it can no longer accept legitimate traffic. This is which type of DDoS attack?

Question 57 • easy • multiple choice

Which symmetric encryption algorithm is considered the current standard and is often used in VPNs and SSL/TLS?

Question 58 • medium • multi select

A security analyst observes a sustained increase in traffic from many different IP addresses to a single web application, causing CPU spikes. The traffic consists of legitimate-looking HTTP GET requests for the same resource. Which TWO types of attack could this be? (Choose two.)

Question 59 • hard • multi select

A company wants to implement a Zero Trust architecture. Which THREE principles should be included? (Choose three.)

Question 60 • medium • multi select

A network administrator wants to deploy security products that provide network-based intrusion prevention and advanced threat detection. Which TWO Cisco products are most suitable? (Choose two.)

Question 61 • easy • multiple choice

A security analyst is reviewing logs and identifies numerous ICMP echo requests from an external IP address to multiple internal hosts. Which type of reconnaissance activity is this?

Question 62 • medium • multiple choice

An attacker injects a malicious SQL query into a web application's login form, bypassing authentication. Which type of exploitation is this?

Question 63 • medium • multiple choice

A company's server is infected with malware that encrypts files and demands payment for decryption. Which type of malware is this?

Question 64 • easy • multiple choice

Which cryptographic algorithm is a symmetric block cipher commonly used in modern VPNs and is considered secure?

Question 65 • hard • multiple choice

A PKI administrator needs to check the revocation status of a certificate without causing a heavy load on the CA. Which protocol should be used?

Question 66 • medium • multiple choice

Which security model mandates that access decisions should be based on context, device posture, and user identity, and never trust any entity by default?

Question 67 • medium • multiple choice

An attacker intercepts ARP packets on a local network and associates their MAC address with the IP address of a legitimate host. This is an example of which attack?

Question 68 • hard • multiple choice

A security engineer is evaluating Cisco solutions to detect and respond to network anomalies, including potential insider threats, by analyzing NetFlow data and behavioral patterns. Which Cisco product is best suited?

Question 69 • easy • multiple choice

Which authentication factor relies on something the user is, such as a fingerprint or retina scan?

Question 70 • medium • multiple choice

A company wants to protect against DNS-based attacks by filtering malicious domains and providing secure DNS resolution. Which Cisco product should be deployed?

Question 71 • hard • multiple choice

During an incident response, a forensic analyst finds that an attacker used a script to modify ARP tables, enabling them to intercept and modify traffic between two hosts. Which attack technique was used?

Question 72 • easy • multiple choice

Which Cisco product provides next-generation firewall (NGFW) capabilities, including application visibility and intrusion prevention?

Question 73 • medium • multi select

A security administrator is implementing a zero-trust architecture. Which two principles are core to the zero-trust model? (Choose two.)

Question 74 • medium • multi select

An organization is experiencing a DDoS attack that floods the network with large volumes of traffic, overwhelming bandwidth. Which three types of DDoS attacks are primarily volumetric? (Choose three.)

Question 75 • hard • multi select

A security team is investigating a breach where the attacker gained access to a server using stolen credentials. Later, the attacker moved laterally and exfiltrated data. Which three security controls would best help detect and prevent lateral movement? (Choose three.)

Question 76 • medium • multi select

A security engineer is implementing a zero trust architecture. Which TWO principles are foundational to zero trust? (Choose two.)

Question 77 • hard • multi select

An organization is experiencing repeated SQL injection attacks. A security analyst is tasked with recommending mitigations. Which THREE actions are most effective in preventing SQL injection? (Choose three.)

Question 78 • easy • multi select

A network administrator is configuring PKI for secure communications. Which TWO components are essential for a public key infrastructure? (Choose two.)

Question 79 • medium • multi select

A security analyst is investigating a malware outbreak. Analysis reveals a remote access trojan (RAT) that communicates with a command-and-control (C2) server. Which TWO behaviors are typical of a RAT? (Choose two.)

Question 80 • hard • multi select

An organization is adopting Cisco's security portfolio. Which THREE products are correctly paired with their primary function? (Choose three.)
