Back to Cisco SCOR / CCNP Security Core 350-701 questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise Cisco SCOR / CCNP Security Core 350-701 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
350-701
exam code
Cisco
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related 350-701 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmulti select
Full question →

Which THREE are characteristics of Cisco Stealthwatch?

Question 2mediummulti select
Full question →

Which TWO are valid methods for implementing Network Admission Control (NAC) in a Cisco environment?

Question 3hardmulti select
Full question →

Which TWO configuration steps are required to enable Cisco AMP for Endpoints to use the Threat Grid appliance for file analysis?

Question 4mediummulti select
Full question →

Which TWO of the following are valid methods for deploying Cisco Firepower Threat Defense (FTD) in high availability?

Question 5hardmulti select
Full question →

Which THREE of the following are features of Cisco Identity Services Engine (ISE) that can be used to enforce network access control?

Question 6mediummulti select
Full question →

A network engineer is implementing Cisco TrustSec in an enterprise network. Which two components are required for TrustSec to function correctly? (Choose two.)

Question 7hardmulti select
Full question →

Which TWO of the following are true about MACsec?

Question 8mediummulti select
Full question →

Which TWO methods can be used to enforce least privilege within a network infrastructure? (Choose two.)

Question 9mediummulti select
Full question →

A company is implementing zero trust architecture in the cloud. Which TWO principles are fundamental to zero trust? (Choose two.)

Question 10mediummulti select
Full question →

A company uses Amazon Web Services (AWS) and wants to integrate with Cisco Defense Orchestrator (CDO) for centralized security management. Which THREE capabilities does CDO provide when managing AWS security services? (Choose three.)

Question 11mediummulti select
Full question →

Which TWO of the following are best practices when configuring Cisco Email Security Appliance (ESA) anti-spam filters? (Choose two.)

Question 12mediummulti select
Full question →

Which TWO of the following are required for successful registration of an AMP for Endpoints connector with the cloud?

Question 13hardmulti select
Full question →

Which TWO indicators of compromise (IOCs) can Cisco AMP for Endpoints detect and alert on?

Question 14easymulti select
Full question →

Which TWO actions can be taken on a malicious file detected by Cisco AMP for Endpoints?

Question 15easymulti select
Full question →

Which THREE of the following are indicators of compromise (IOCs) that can be detected by Cisco AMP for Endpoints?

Question 16mediummulti select
Full question →

Which TWO of the following are valid detection methods used by Cisco AMP for Endpoints to identify malicious activity?

Question 17easymulti select
Full question →

Which TWO of the following are indicators of compromise (IOCs) that can be detected by Cisco AMP for Endpoints?

Question 18hardmulti select
Full question →

Which TWO of the following are valid action types that can be assigned to a file in an AMP policy rule?

Question 19mediummulti select
Full question →

Which TWO of the following are capabilities of Cisco Orbital?

Question 20hardmulti select
Full question →

Which THREE of the following are valid methods to deploy Cisco AMP for Endpoints Connector on Windows endpoints?

These 350-701 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 350-701 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.