350-701 · topic practice

Endpoint Security and Identity practice questions

Practise Cisco SCOR / CCNP Security Core 350-701 Endpoint Security and Identity practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Endpoint Security and Identity

What the exam tests

What to know about Endpoint Security and Identity

IPv6 questions usually test address types (link-local, global unicast, ULA), autoconfiguration (SLAAC), Neighbor Discovery Protocol and the differences from IPv4.

IPv6 address types and their scopes (link-local, global unicast, multicast, ULA).

SLAAC vs DHCPv6 vs stateful assignment.

Neighbor Discovery Protocol replacing ARP.

IPv6 routing differences and dual-stack coexistence.

Watch out for

Common Endpoint Security and Identity exam traps

  • Link-local addresses are not routable beyond the local link.
  • SLAAC uses EUI-64 or random interface IDs — not a DHCP server.
  • NDP uses ICMPv6, not ARP.
  • An IPv6 prefix is /64 for most host subnets, not /24.

Practice set

Endpoint Security and Identity questions

20 questions · select your answer, then reveal the explanation

A network administrator wants to deploy Cisco AMP for Endpoints to protect endpoints. Which feature allows the detection of a file that was initially deemed benign but later discovered to be malicious?

An engineer is configuring Cisco ISE for 802.1X authentication. The organization has a mix of devices, including some that do not support 802.1X supplicants. Which method should the engineer use to allow these non-supplicant devices to authenticate?

During a security incident, a SOC analyst notices that a malicious file was executed on an endpoint. Using Cisco AMP for Endpoints, which feature should the analyst use to visualize the file's propagation and activities across the network over time?

Question 4mediummultiple choice
Read the full DHCP explanation →

In Cisco ISE, profiling is used to identify device types. Which probe must be enabled for ISE to determine the operating system of a device by analyzing DHCP options?

An organization wants to enforce endpoint posture compliance before granting network access. In Cisco ISE, which component performs the actual checks on the endpoint to verify antivirus status and patch levels?

Question 6mediummultiple choice
Read the full VPN explanation →

A security engineer is configuring Duo for VPN authentication with AnyConnect. Which authentication factor does Duo provide in addition to the user's primary credentials?

Question 7hardmultiple choice
Open the full VLAN trunking answer →

In a Cisco ISE deployment, after a device passes posture assessment, ISE needs to dynamically change the VLAN assignment for the device. Which protocol or feature enables ISE to send a new authorization policy to the network access device without requiring the endpoint to reauthenticate?

Which component in the 802.1X architecture is responsible for relaying authentication messages between the client and the authentication server?

An organization uses Cisco AMP for Endpoints and wants to perform a remote investigation on an infected endpoint. The security analyst needs to isolate the endpoint from the network while collecting forensic data. Which AMP feature should be used?

In Cisco ISE, which protocol is used for EAP-TLS authentication, and what is the primary requirement for the client to successfully authenticate?

A company wants to implement privileged access management (PAM) to secure administrative credentials. They need a solution that provides just-in-time access and session recording. Which product integrated with Cisco SecureX can fulfill these requirements?

In Cisco AMP for Endpoints, which technology prevents exploit techniques such as code injection and memory corruption at runtime without relying on signatures?

A network administrator is configuring Cisco ISE for guest access. The company requires a solution where guests can create their own accounts and receive network access after a sponsor approves. Which two components must be configured? (Choose two.)

An organization wants to deploy endpoint hardening measures. Which three of the following are considered endpoint hardening techniques? (Choose three.)

An administrator is configuring Cisco ISE profiling using Device Sensor. Which two types of information can the Device Sensor collect from endpoints? (Choose two.)

A security engineer is deploying Cisco AMP for Endpoints in an organization. To ensure that any malicious file that was initially allowed but later determined to be malicious can be traced, which feature should be used?

During 802.1X authentication, which component acts as the intermediary that forwards authentication requests between the client and the authentication server?

A network administrator needs to provide network access to a legacy printer that does not support 802.1X. Which Cisco ISE feature should be used to authenticate this device?

An organization uses Cisco ISE for network access control. After a user authenticates via 802.1X, a posture assessment determines that the user's antivirus definitions are outdated. What ISE feature can be used to dynamically restrict the user's network access until the issue is resolved?

Which Cisco security product provides multi-factor authentication through push notifications, TOTP, and hardware tokens?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Endpoint Security and Identity sessions

Start a Endpoint Security and Identity only practice session

Every question in these sessions is drawn from the Endpoint Security and Identity domain — nothing else.

Related practice questions

Related 350-701 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 350-701 exam test about Endpoint Security and Identity?
IPv6 questions usually test address types (link-local, global unicast, ULA), autoconfiguration (SLAAC), Neighbor Discovery Protocol and the differences from IPv4.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Endpoint Security and Identity questions in a focused session?
Yes — the session launcher on this page draws every question from the Endpoint Security and Identity domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-701 topics?
Use the topic links above to move to related areas, or go back to the 350-701 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-701 exam covers. They are not copied from any real exam or dump site.