350-701 · topic practice

Troubleshooting practice questions

Practise Cisco SCOR / CCNP Security Core 350-701 Troubleshooting practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Troubleshooting

What the exam tests

What to know about Troubleshooting

Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Troubleshooting exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Troubleshooting questions

20 questions · select your answer, then reveal the explanation

Question 1easymultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting an IPsec VPN tunnel that fails to establish. The configuration includes a crypto map with a matching access list. Which command should be used to verify the security associations and error counters for the IPsec phase?

Question 2mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting an issue where users on VLAN 10 cannot access the internet, but they can reach internal resources. The firewall is configured with a default route pointing to the ISP router. The engineer notices that NAT is configured but traffic is not being translated. Which configuration is most likely missing?

Question 3easymultiple choice
Read the full VPN explanation →

An engineer is troubleshooting a site-to-site IPsec VPN between two Cisco routers. The tunnel is not establishing. Which command would verify that IKE phase 1 negotiations have completed successfully?

Question 4mediummultiple choice
Open the full VLAN trunking answer →

A network administrator is troubleshooting an issue where users in the finance VLAN are unable to access a critical server in the server VLAN. The switch logs show multiple 'Authentication failed' messages for MAC addresses in the finance VLAN. The switchport security feature is enabled on the access ports. What is the most likely cause of the issue?

A network engineer is troubleshooting an issue where an endpoint is failing to authenticate via 802.1X on a Cisco switch. The switch port is in unauthorized state. Which step should the engineer take first to identify the root cause?

An engineer is troubleshooting traffic drops on a Cisco Firepower Threat Defense (FTD) device. The traffic is allowed by the access control policy but is being dropped. Which feature should the engineer check to identify the cause of the drop?

Question 7easymultiple choice
Open the full VLAN trunking answer →

A network administrator is troubleshooting an issue where users in the Sales VLAN cannot access the internet through the Cisco Firepower Threat Defense (FTD) device. The FTD is configured with a security policy that allows traffic from the Sales subnet to any destination. However, the traffic is being blocked. Which feature should the administrator check first to resolve the issue?

A security engineer is troubleshooting an issue where a known malicious file (SHA-256: 3a7c...f9e) is not being detected by Cisco Secure Endpoint on a Windows 10 endpoint. The file was downloaded from the internet. The policy has the 'File Reputation' setting set to 'Use cloud lookup', and the 'Exploit Prevention' module is enabled. The endpoint is connected to the internet and can reach the AMP cloud. What is the most likely reason for the missed detection?

An administrator is troubleshooting an issue where emails sent to a specific external domain are being delayed by up to 30 minutes. The Cisco ESA is configured with multiple mail exchangers (MX) for delivery. The logs show that the ESA is attempting delivery to the primary MX, which is unresponsive, and failing over to the secondary MX after 30 minutes. What change should be made to reduce the delivery delay?

Question 10mediummultiple choice
Read the full Troubleshooting explanation →

A network administrator is troubleshooting why users in the marketing department cannot access a specific cloud storage site through the Cisco WSA. The access policy for marketing is set to 'Monitor' for the File Sharing category, but the site is blocked. What is the most likely reason?

Question 11mediummultiple choice
Read the full Troubleshooting explanation →

A network engineer is troubleshooting an endpoint that failed to receive policy updates from the Cisco AMP cloud. The endpoint shows 'Out-of-Date' in the AMP console. The engineer verifies that the endpoint has outbound HTTPS access to the AMP cloud. What additional step should the engineer take to resolve the issue?

Question 12easymultiple choice
Study the full ACL explanation →

An engineer is troubleshooting a Cisco ASA firewall and notices that traffic from a specific subnet is being dropped. The engineer wants to verify if the drop is due to an access control list (ACL) or an inspection policy. Which command should be used to see the reason for packet drops?

Question 13hardmultiple choice
Read the full Troubleshooting explanation →

A network administrator is troubleshooting an issue where users cannot send emails with attachments larger than 10 MB through the Cisco Email Security Appliance (ESA). The ESA is configured with a mail flow policy that has a maximum message size of 20 MB. What is the most likely cause of the issue?

Question 14mediummultiple choice
Open the full VLAN trunking answer →

An engineer is troubleshooting a user who cannot access the network after successful 802.1X authentication. The user's PC receives an IP address from DHCP, but cannot reach the internet. The switch port is in the correct VLAN (10) after authentication. The ISE posture policy requires the user to install a corporate certificate, but the user skipped that step. What is the most likely cause of the internet access failure?

Question 15easymultiple choice
Read the full Troubleshooting explanation →

A network administrator is troubleshooting intermittent authentication failures on a switch port configured for 802.1X with MAB fallback. Users can connect but get dropped after a few minutes. What is the most likely cause?

Question 16hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator is troubleshooting device tracking on a Cisco switch. The output shows two devices in VLAN 100. The switch is configured with IPv6 first-hop security features. The administrator notices that the device with MAC address aaaa.bbbb.cccc is not receiving RA guard protection. What is the most likely reason?

Exhibit

Router# show device-tracking database
 Device-tracking database for Vlan 100:
  Device ID     MAC Address      Interface      VLAN     Last seen
  *             0050.7966.6800   Gi0/1/0        100      00:00:12
  *             aaaa.bbbb.cccc   Gi0/1/1        100      00:00:05
Question 17hardmultiple choice
Read the full Troubleshooting explanation →

You are troubleshooting a Cisco ISE deployment where some endpoints are stuck in the 'Not Compliant' posture after a posture scan. ISE logs show 'Conditional NAC Agent result: Not Compliant due to missing required application.' The application is installed on the endpoint. What should you check?

Question 18mediummultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting an issue where a user's device is successfully authenticated via 802.1X, but the user cannot access the corporate network. ISE logs show that the user was granted access with a downloadable ACL (dACL). What could be the cause of no network access?

Question 19easymultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. A network administrator is troubleshooting a wired client that has successfully authenticated using MAB. However, the client is unable to access resources beyond the local subnet. What is the most likely cause?

Exhibit

Switch# show authentication sessions
Interface: GigabitEthernet0/1
  MAC Address: 0011.2233.4455
  IP Address: 10.1.1.10
  Status: Authz Success
  Domain: DATA
  Oper host mode: single-host
  Oper control dir: both
  Authorized by: Authentication Server
  Vlan Policy: 10
  Session Timeout: N/A
  Idle Timeout: N/A
  Common Session ID: 0A0B0C0D0E0F0000000000001
  Acct Session ID: 0x00000002
  Authc Method: MAB
  Authz Policy: Permit_Access
Question 20easymultiple choice
Read the full Troubleshooting explanation →

A network engineer is troubleshooting an 802.1X deployment where some Windows 10 endpoints fail to authenticate. Logs show that the client sends an EAPoL-Start but never receives an EAP-Request/Identity. The switch port configuration is:

interface GigabitEthernet0/1
 switchport mode access

authentication port-control auto dot1x pae authenticator Which additional command is most likely needed?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Troubleshooting sessions

Start a Troubleshooting only practice session

Every question in these sessions is drawn from the Troubleshooting domain — nothing else.

Related practice questions

Related 350-701 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 350-701 exam test about Troubleshooting?
Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Troubleshooting questions in a focused session?
Yes — the session launcher on this page draws every question from the Troubleshooting domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-701 topics?
Use the topic links above to move to related areas, or go back to the 350-701 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-701 exam covers. They are not copied from any real exam or dump site.