350-701 · topic practice

Content Security practice questions

Practise Cisco SCOR / CCNP Security Core 350-701 Content Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Content Security

What the exam tests

What to know about Content Security

Content Security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Content Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Content Security questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full Content Security explanation →

A security administrator notices that a significant volume of spam is bypassing the Cisco ESA's anti-spam filters. Upon investigation, they find that the messages have a mid-range SBRS score of 5.0. Which action should the administrator take to improve spam detection?

An organization is deploying Cisco ESA and wants to ensure that outbound emails containing credit card numbers are blocked. The administrator configures a DLP policy to scan for credit card patterns. However, some legitimate emails with credit card numbers are being incorrectly blocked. What is the best approach to reduce false positives while still preventing data leakage?

Question 3mediummultiple choice
Read the full Content Security explanation →

A Cisco WSA administrator wants to block access to social media sites for all users during work hours. The proxy is deployed in explicit mode. Which policy type should the administrator use to enforce this restriction?

Question 4easymultiple choice
Read the full DNS explanation →

Which Cisco content security solution uses DNS to block access to malicious domains and provides cloud-based proxy protection?

Question 5mediummultiple choice
Read the full Content Security explanation →

An organization using Cisco WSA in transparent proxy mode with WCCP redirect notices that some HTTPS traffic is not being decrypted for inspection. The administrator has enabled SSL decryption but certain traffic still bypasses. What is the most likely cause?

A Cisco ESA administrator is investigating an increase in false positive detections from the outbreak filter. The filter is configured to use TALOS intelligence and has a threshold of 'Medium'. Which action would most effectively reduce false positives while maintaining protection against new outbreaks?

Question 7mediummultiple choice
Read the full Content Security explanation →

A company is implementing DMARC for its domain. The administrator wants to instruct receivers to reject emails that fail SPF or DKIM checks. Which DMARC policy should the administrator set?

Which Cisco WSA feature allows administrators to control bandwidth usage per user or group by limiting the amount of bandwidth consumed for specific applications?

A security analyst receives an alert that a user clicked a link in an email that led to a malicious website. The email was allowed by the Cisco ESA because it passed SPF, DKIM, and DMARC checks. Later analysis reveals the email was sent from a compromised account within the same domain. Which type of attack best describes this scenario?

Question 10mediummultiple choice
Read the full Content Security explanation →

An organization is using Cisco Firepower NGFW to enforce content filtering. They want to block social media applications like Facebook and Twitter but allow LinkedIn for business purposes. Which feature should be used to differentiate between these applications?

Which Cisco email security feature uses SHA-256 hash lookups to detect known malware in email attachments?

Question 12mediummultiple choice
Read the full Content Security explanation →

A company is deploying Cisco Secure Web (WSA) and wants to integrate with Active Directory for user-based policies. The proxy is in transparent mode. Which technology allows the WSA to identify users transparently without requiring client configuration?

An administrator is configuring Cisco ESA to protect against Business Email Compromise (BEC) attacks. Which TWO of the following features are most effective in detecting and mitigating BEC?

A Cisco WSA administrator needs to implement HTTPS inspection for traffic from internal users. The administrator wants to avoid decrypting traffic to financial and healthcare sites due to compliance requirements. Which THREE actions should the administrator take to configure this policy?

Which TWO statements about Cisco Umbrella SIG are true?

Question 16easymultiple choice
Read the full DNS explanation →

To protect against phishing attacks that use fraudulent emails to trick users into revealing credentials, which email authentication technology verifies the sending domain's DNS records for a digital signature?

Question 17mediummultiple choice
Read the full Content Security explanation →

An organization wants to enforce a policy that blocks outbound emails containing Social Security numbers. Which feature of Cisco ESA should be configured?

A security engineer is configuring Cisco WSA in explicit proxy mode. Which traffic interception method is being used when each endpoint browser is configured with the proxy address?

Question 19mediummultiple choice
Read the full DNS explanation →

Which Cisco Umbrella feature provides protection against malicious domains by blocking DNS requests to known bad sites?

Question 20mediummultiple choice
Read the full Content Security explanation →

An organization wants to implement URL filtering based on user identity. The Cisco WSA must integrate with which directory service to apply policies per user or group?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Content Security sessions

Start a Content Security only practice session

Every question in these sessions is drawn from the Content Security domain — nothing else.

Related practice questions

Related 350-701 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 350-701 exam test about Content Security?
Content Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Content Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Content Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-701 topics?
Use the topic links above to move to related areas, or go back to the 350-701 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-701 exam covers. They are not copied from any real exam or dump site.