350-701 Endpoint Protection and Detection Practice Questions

20+ practice questions focused on Endpoint Protection and Detection — one of the most tested topics on the Cisco SCOR / CCNP Security Core 350-701 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Sample Endpoint Protection and Detection Questions

1. A security administrator notices that several endpoints in the finance department are exhibiting unusual network behavior, including connections to known malicious IP addresses. The administrator has deployed Cisco Secure Endpoint (formerly AMP for Endpoints) with TETRA and has enabled the built-in firewall. What is the best course of action to quickly identify the root cause and contain the threat?

A. Disable the built-in firewall on the endpoints to allow full traffic inspection by the TETRA engine.
B. Use the Cisco Secure Endpoint console to review the TETRA engine's real-time traffic analysis and isolate the affected endpoints.
C. Wait for the weekly threat report from Cisco Talos to identify the malware family and then apply a signature update.
D. Uninstall the Cisco Secure Endpoint connector and reinstall it with a fresh policy.

Explanation: Option B is correct because Cisco Secure Endpoint with TETRA provides real-time traffic analysis and endpoint isolation capabilities directly from the console. The TETRA engine inspects network flows using behavioral analysis and machine learning, and the administrator can immediately isolate affected endpoints to prevent lateral movement while reviewing the root cause.

2. An organization wants to prevent malware from executing on endpoints by using a file reputation service. Which Cisco technology provides cloud-based file reputation and analysis for endpoint protection?

A. Cisco Stealthwatch
B. Cisco Identity Services Engine (ISE)
C. Cisco Firepower NGFW
D. Cisco Secure Endpoint (AMP for Endpoints)

Explanation: Cisco Secure Endpoint (formerly AMP for Endpoints) is the correct answer because it provides cloud-based file reputation and analysis through its Advanced Malware Protection (AMP) cloud. This service uses global threat intelligence and machine learning to analyze file behavior, assign reputation scores, and block or quarantine malicious files on endpoints in real time.

3. A security engineer is troubleshooting an issue where a known malicious file (SHA-256: 3a7c...f9e) is not being detected by Cisco Secure Endpoint on a Windows 10 endpoint. The file was downloaded from the internet. The policy has the 'File Reputation' setting set to 'Use cloud lookup', and the 'Exploit Prevention' module is enabled. The endpoint is connected to the internet and can reach the AMP cloud. What is the most likely reason for the missed detection?

A. The endpoint was offline when the file was first written to disk, so the cloud lookup was skipped.
B. Windows Defender Real-time Protection is interfering with the AMP connector.
C. The Exploit Prevention module is blocking the cloud lookup process.
D. The AMP cloud license has expired for the organization.

Explanation: Option A is correct because Cisco Secure Endpoint's 'File Reputation' with 'Use cloud lookup' requires the endpoint to be online at the moment the file is written to disk. If the endpoint was offline during that critical window, the connector cannot perform the SHA-256 cloud lookup against the AMP cloud, and the file is not evaluated for maliciousness. The file remains undetected until a subsequent scan or event triggers a new lookup, which may not happen automatically.

4. A security analyst is investigating an alert from Cisco Secure Endpoint indicating that an endpoint has been infected with ransomware. The analyst wants to determine the initial infection vector. Which feature of Cisco Secure Endpoint should the analyst use to trace the chain of events leading to the infection?

A. Orbital Advanced Search
B. TETRA traffic analysis
C. Windows Event Viewer integration
D. Device Flow Correlation

Explanation: Orbital Advanced Search is the correct feature because it provides deep forensic visibility into endpoint activity, allowing the analyst to perform advanced queries across files, processes, registry keys, and network connections. This enables tracing the chain of events—such as a malicious email attachment, exploit, or drive-by download—that led to the ransomware infection, by correlating timestamps and process parent-child relationships.

5. A company is deploying Cisco Secure Endpoint and wants to ensure that endpoints are protected against zero-day exploits. Which two features should be enabled to provide this protection? (Choose two.)

A. File Reputation
B. Exploit Prevention
C. Malware Analytics (sandboxing)
D. Application Control

Explanation: Exploit Prevention (B) is correct because it uses exploit-specific signatures and behavioral monitoring to block common exploitation techniques (e.g., heap spray, ROP, SEH overwrite) without relying on known malware signatures, making it effective against zero-day exploits. Malware Analytics (C) is correct because it detonates suspicious files in a sandboxed environment to analyze behavior and detect previously unknown threats, providing protection against zero-day malware before signatures are available.

How to master Endpoint Protection and Detection for 350-701

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Endpoint Protection and Detection. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Endpoint Protection and Detection questions on the 350-701 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 350-701 Endpoint Protection and Detection questions are on the real exam?

The exact number varies per candidate. Endpoint Protection and Detection is tested as part of the Cisco SCOR / CCNP Security Core 350-701 blueprint. Practicing with targeted Endpoint Protection and Detection questions ensures you can handle any format or difficulty that appears.

Are these 350-701 Endpoint Protection and Detection practice questions free?

Yes. Courseiva provides free 350-701 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Endpoint Protection and Detection one of the harder 350-701 topics?

Difficulty is subjective, but Endpoint Protection and Detection is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
