350-701 Exam Details

  • Exam Code
    :350-701
  • Exam Name
    :Implementing and Operating Cisco Security Core Technologies (SCOR)
  • Certification
    :CCIE Security
  • Vendor
    :Cisco
  • Total Questions
    :784 Q&As
  • Last Updated
    :Jul 10, 2026

Cisco 350-701 Online Questions & Answers

  • Question 81:

    What are two functionalities of SDN Northbound APIs? (Choose two.)

    A. Northbound APIs provide a programmable interface for applications to dynamically configure the network.
    B. Northbound APIs form the interface between the SDN controller and business applications.
    C. OpenFlow is a standardized northbound API protocol.
    D. Northbound APIs use the NETCONF protocol to communicate with applications.
    E. Northbound APIs form the interface between the SDN controller and the network switches or routers.

  • Question 82:

    Which technology is used to improve web traffic performance by proxy caching?

    A. WSA
    B. Firepower
    C. FireSIGHT
    D. ASA

  • Question 83:

    An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

    A. Ensure that the client computers are pointing to the on-premises DNS servers.
    B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
    C. Add the public IP address that the client computers are behind to a Core Identity.
    D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

  • Question 84:

    What is the function of the crypto isakmp key cisc123456789 address 192.168.50.1 255.255.255.255 command when establishing an IPsec VPN tunnel?

    A. It configures the pre-shared authentication key for host 192.168.50.1.
    B. It prevents 192.168.50.1 from connecting to the VPN server.
    C. It configures the local address for the VPN server 192.168.50.1.
    D. It defines the data destined to 192.168.50.1 is going to be encrypted.

  • Question 85:

    Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

    A. quality of service
    B. time synchronization
    C. network address translations
    D. intrusion policy

  • Question 86:

    What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone- based policy firewall?

    A. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone- Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces
    B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot
    C. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added
    D. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

  • Question 87:

    An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct?

    A. Check the logs of the authentication server for the username and authentication rejection logs.
    B. Check policy enforcement point for the authentication mechanism and credentials used.
    C. Check the supplicant logs for the username and password entered, then check the authentication provider.
    D. Check the authenticator and view the debug logs for the username and password.

  • Question 88:

    Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility,promote compliance,shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?

    A. Cisco DNA Center
    B. Cisco SDN
    C. Cisco ISE
    D. Cisco Security Compiance Solution

  • Question 89:

    What are the components of endpoint protection against social engineering attacks?

    A. Cisco Secure Email Gateway
    B. IPsec
    C. firewall
    D. IDS

  • Question 90:

    A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

    A. DHCP snooping has not been enabled on all VLANs.
    B. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
    C. Dynamic ARP Inspection has not been enabled on all VLANs
    D. The no ip arp inspection trust command is applied on all user host interfaces

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-701 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.