350-701 · topic practice

Security Concepts practice questions

Use this page to practise Security Concepts questions for this certification. Focus on how the exam tests security concepts in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security Concepts

What the exam tests

What to know about Security Concepts

Security Concepts questions on this certification test your ability to deploy and manage security concepts in scenario-based situations.

Core Security Concepts concepts and how they apply in real-world cloud scenarios.

How to deploy security concepts correctly and verify the outcome.

Troubleshooting security concepts issues by interpreting error output and system state.

Cloud best practices and Security Concepts design trade-offs tested by this certification.

Watch out for

Common Security Concepts exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Security Concepts questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A network security engineer is deploying Cisco Firepower Threat Defense (FTD) in a data center. The requirement is to inspect traffic between two internal VLANs while allowing the firewall to enforce access control policies based on source and destination zones. Which deployment mode should the engineer use?

Question 2 · hard · multiple choice

A security architect is designing a zero-trust architecture for a remote workforce using Cisco SD-WAN. The company requires that all traffic between branch sites and the data center is encrypted and authenticated, and that no device can access resources unless it has a valid certificate. Which technology should be used to enforce device identity?

Question 3 · easy · multiple choice

An engineer is troubleshooting a Cisco ASA firewall and notices that traffic from a specific subnet is being dropped. The engineer wants to verify if the drop is due to an access control list (ACL) or an inspection policy. Which command should be used to see the reason for packet drops?

Which TWO of the following are valid approaches to mitigate ARP spoofing attacks on a switched network?

Which THREE of the following are key principles of the Cisco Zero Trust security model?

Question 6 · medium · multiple choice

Refer to the exhibit. An engineer has configured IP Source Guard and DHCP Snooping. A host with MAC 00:11:22:33:44:55 on Gi0/0 is assigned IP 192.168.1.10 via DHCP. However, the host cannot ping its default gateway 192.168.1.1. What is the most likely cause?

Exhibit

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip verify source
!
interface GigabitEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip verify source
!
ip dhcp snooping vlan 1-100
ip dhcp snooping information option
ip dhcp snooping
!
ip source binding 00:11:22:33:44:55 vlan 10 192.168.1.10 interface GigabitEthernet0/0
!

Refer to the exhibit. An engineer is analyzing an intrusion policy on Cisco Firepower Management Center (FMC). The network uses Windows servers and clients. A flood of HTTP traffic is being detected as a potential attack, but it is legitimate. Which preprocessor configuration change would most likely reduce false positives without losing detection of real attacks?

Exhibit

! Cisco FMC intrusion policy snippet
preprocessor global_sensitivity: sensitivity_level high
preprocessor frag3: frag3_engine policy=first, bind_to=0.0.0.0
preprocessor stream5_global: track_tcp yes, track_udp yes
preprocessor stream5_tcp: policy=windows, use_static_footprint_sizes yes
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect: default_inspect_http_profiles
preprocessor smtp: ports 25 465 587
!

Question 8 · easy · multiple choice

A company is implementing Cisco Umbrella to provide DNS-layer security. They want to block access to known malicious domains while allowing all other traffic. Which policy configuration should be used?

An engineer is configuring Cisco ISE for guest access. The requirement is that guests must accept an acceptable use policy (AUP) before being granted network access. Which portal type should be used?

Question 10 · medium · multi select

Which TWO of the following are valid methods for authenticating VPN users in a Cisco AnyConnect deployment?

Which THREE of the following are common indicators of a DDoS attack at the network layer?

A financial company has a data center with Cisco FTD firewalls in a high-availability pair. They use Cisco ISE for network access control and Cisco Stealthwatch for network visibility. Recently, they deployed a new web application that is accessed by both internal employees and external customers. The application uses HTTPS on port 443. After deployment, the security team notices that the FTD is dropping some HTTPS sessions that appear legitimate. The drops are inconsistent and seem to occur only during peak hours. The FTD logs show the drop reason as 'TCP state violation'. The team has verified that the web server and clients are configured correctly. The Stealthwatch reports show no anomalies. What is the most likely cause and solution?

A security engineer is configuring a Cisco ASA to block traffic from a specific IP address. Which access control entry (ACE) should be applied to the inbound direction of the outside interface?

Question 14 · medium · multiple choice

A company is deploying Cisco Umbrella to protect against DNS-based threats. Which deployment method provides the most comprehensive coverage for all devices on the network without requiring per-device configuration?

An engineer is troubleshooting traffic drops on a Cisco Firepower Threat Defense (FTD) device. The traffic is allowed by the access control policy but is being dropped. Which feature should the engineer check to identify the cause of the drop?

Drag and drop the steps to configure 802.1X port-based authentication on a Cisco switch in the correct order.

Question 17 · medium · drag order

Drag and drop the steps to recover a lost password on a Cisco IOS router in the correct order.


Match each protocol to its default port number.

Matches:

  • 443
  • 22
  • 53
  • 25
  • 161

Match each Cisco security solution to its primary use case.

Matches:

  • Next-generation firewall and IPS
  • DNS-layer security and web filtering
  • Endpoint threat detection and response
  • Network access control and policy enforcement
  • Network traffic analysis and anomaly detection

Question 20 · easy · multiple choice

A network engineer is configuring a new firewall to enforce security policies between two internal VLANs. The goal is to allow only HTTP traffic from the finance VLAN to the HR VLAN, while blocking all other traffic. Which type of firewall rule should be applied to achieve this requirement with minimal administrative overhead?

Frequently asked questions

What does the 350-701 exam test about Security Concepts?
Security Concepts questions on this certification test your ability to deploy and manage security concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security Concepts questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Concepts domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-701 topics?
Use the topic links above to move to related areas, or go back to the 350-701 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-701 exam covers. They are not copied from any real exam or dump site.