- 721 Questions
- Updated on: 25-May-2026
- Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Free Cisco 350-701 Practice Questions 2026 | Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Topic 1: Exam Pool A
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?
A. Configure the trackingconfig command to enable message tracking.
B. Generate a system report.
C. Review the log files.
D. Perform a trace.
Answer: A. Configure the trackingconfig command to enable message tracking.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011110.html
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
A. IKEv1
B. AH
C. ESP
D. IKEv2
Answer: C. ESP
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)
A. RADIUS
B. TACACS+
C. DHCP
D. sFlow
E. SMTP
Answer: A. RADIUS; C. DHCP
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to drop the malicious emails
B. Configure policies to quarantine malicious emails
C. Configure policies to stop and reject communication
D. Configure the Cisco ESA to reset the TCP connection
Explanation:
The key phrase in the question is "prevent the session during the initial TCP communication." This means we want to stop the email delivery process as early as possible, before any data (the email content) is transferred. This is done at the SMTP session level.
Let's break down the SMTP process and each option:
Why Option C is Correct:
In the SMTP protocol, the "initial TCP communication" involves a "handshake" and then an SMTP conversation. A "reject" action occurs during this SMTP conversation. When the sending server initiates a connection, the Cisco Email Security Appliance (ESA) can immediately check the sender's domain or IP against its policies. If it matches the known malicious domain, the ESA can send an SMTP rejection code (like a 5xx "fail" code). This stops the communication right at the protocol level, tells the sending server the message is not accepted, and closes the connection before the potentially large and harmful email body is transmitted. This is the most efficient method to block the traffic at the initial stage.
Why Option A is Incorrect:
"Dropping" an email typically happens after the ESA has fully received it. The server accepts the entire email during the SMTP session and then, based on content filters, silently discards or "drops" it without notifying the sender. This is less efficient than a "reject" because it consumes system resources to receive the full message, including any malicious payload, before taking action.
Why Option B is Incorrect:
"Quarantining" is an action that also happens after the email has been fully accepted by the ESA. The message is received, scanned, determined to be malicious, and then moved to a quarantine hold instead of being delivered to the user's inbox. Like "drop," this does not prevent the session during the initial communication; it allows the session to complete.
Why Option D is Incorrect:
"Resetting the TCP connection" (sending a TCP RST packet) is a more abrupt method than an SMTP reject. While it does break the initial TCP connection, it is considered a less "polite" method in network communication. Sending an SMTP reject is the standard, protocol-compliant way for an email server to refuse a message. A TCP reset might be used in more aggressive threat handling policies, but "stop and reject" is the more precise and correct answer for preventing the session using standard email protocol behavior.
Reference:
This falls under the Content Security domain of the 350-701 SCOR exam, specifically covering the mail policies and handling actions available on the Cisco ESA. Understanding the difference between actions like Reject, Quarantine, and Drop—and at which stage in the SMTP conversation they occur—is fundamental to effectively configuring the appliance.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. transparent
B. redirection
C. forward
D. proxy gateway
Answer: A. transparent
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVDWebSecurityUsingCiscoWSADesignGuide-AUG13.pdf
What is managed by Cisco Security Manager?
A. access point
B. WSA
C. ASA
D. ESA
Explanation
Cisco Security Manager (CSM) is an enterprise-level management tool designed for provisioning, managing, and monitoring Cisco firewalls and VPNs.
Its primary focus is on network security devices, and it provides robust, centralized configuration management for a wide range of them. The key device families managed by Cisco Security Manager include:
Cisco ASA (Adaptive Security Appliance) Firewalls
Cisco Firepower Threat Defense (FTD) Firewalls
Cisco IOS Routers (primarily for VPN configurations)
Cisco Firewall Services Module (FWSM)
Cisco IPS (Intrusion Prevention System) Sensors and Modules
The Cisco ASA is one of the most common and core devices managed by CSM.
Why the other options are incorrect:
A. Access Point:
Access Points are managed by dedicated wireless management systems like Cisco DNA Center or the legacy Cisco Wireless LAN Controller (WLC), not by Cisco Security Manager.
B. WSA (Web Security Appliance):
The WSA is part of the Cisco Content Security portfolio. It is primarily managed by its own dedicated management interface or by Cisco Secure Firewall Management Center (FMC) for centralized policy when integrated with the Firepower ecosystem, not by Cisco Security Manager.
D. ESA (Email Security Appliance):
The ESA is also part of the Cisco Content Security portfolio. Like the WSA, it is managed by its own proprietary management interface (AsyncOS) or can be centrally monitored, but it is not provisioned or configured by Cisco Security Manager.
Reference:
The scope of Cisco Security Manager is clearly defined in its product documentation.
As per the Cisco Security Manager Data Sheet and administration guide, it is described as a solution that "provides comprehensive management of firewall, VPN, and intrusion prevention security policies on a wide range of Cisco security devices... including Cisco ASA 5500 Series Adaptive Security Appliances... and Cisco IOS Software routers."
This confirms that the ASA is a core device managed by CSM, while the other options (WSA, ESA, Access Points) fall under the management purview of other, specialized Cisco systems.
Which type of protection encrypts RSA keys when they are exported and imported?
A. file
B. passphrase
C. NGE
D. nonexportable
Answer: B. passphrase
Which two fields are defined in the NetFlow flow? (Choose two)
A. type of service byte
B. class of service bits
C. Layer 4 protocol type
D. destination port
E. output logical interface
Answer: A. type of service byte; D. destination port
Cisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share seven values which define a unique key for the flow:
- Ingress interface (SNMP ifIndex)
- Source IP address
- Destination IP address
- IP protocol
- Source port for UDP or TCP, 0 for other protocols
- Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols
- IP Type of Service
Note: A flow is a unidirectional series of packets between a given source and destination.
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. service management
B. centralized management
C. application management
D. distributed management
Explanation
Cisco DNA Center is the cornerstone of Cisco's intent-based networking (IBN) strategy. Its primary value proposition is to provide a single pane of glass for managing the entire network—from campus to branch, wired to wireless, and core to edge.
Centralized Management Defined:
This means that an administrator can log into one central GUI (the DNA Center dashboard) to provision devices, enforce policies, monitor health, assure application performance, and troubleshoot issues across the entire network infrastructure. It eliminates the need to log into individual switches, routers, and wireless controllers via CLI or separate management interfaces.
How DNA Center Embodies This:
Device Onboarding: You can discover and provision thousands of devices from a central location.
Policy Application: You can define network-wide policies (e.g., for groups of users or devices) and push them out consistently from the center.
Assurance: The Health and Assurance dashboards give a centralized view of the status of every network device, client, and application.
Automation: Network-wide changes and workflows can be automated from the central platform.
The phrase "complete control of the network" in the question is a direct reference to this centralized management paradigm that DNA Center provides.
Detailed Breakdown of Incorrect Options
A. service management:
Why it is incorrect:
While Cisco DNA Center has features related to service management (specifically for SD-WAN and SD-Access), this term is too narrow. "Service management" often refers to the lifecycle management of a specific service (like enabling an IPsec VPN or a QoS policy). DNA Center's scope is far broader, encompassing device management, client monitoring, application analytics, and security policy, all under the umbrella of centralized control. It is a platform that includes service management but is not defined solely by it.
C. application management:
Why it is incorrect:
This is a specific capability or view within the DNA Center dashboard, not the type of dashboard it provides as a whole. The Application Health dashboard is a key part of Cisco DNA Assurance, where you can monitor the performance and experience of critical applications like WebEx or Salesforce. However, this is just one component. DNA Center also provides device health, client health, and network topology views. To call it solely an "application management" dashboard ignores its comprehensive device provisioning, policy, and automation capabilities.
D. distributed management:
Why it is incorrect:
This is the antithesis of what Cisco DNA Center is designed for. A distributed management model is the traditional, legacy approach where you have multiple, independent management systems—for example, one tool for managing the wired campus, another for the wireless network, and a different one for remote branches. This creates operational silos and complexity. DNA Center was explicitly created to replace and consolidate these distributed management points into a single, centralized system.
Reference:
Cisco DNA Center Documentation:
The official overview and data sheets for Cisco DNA Center consistently use the term "centralized management." For example, Cisco describes it as providing "a single network dashboard for designing, provisioning, applying policies, and assuring your entire network."
Intent-Based Networking Concept:
The core principle of IBN, which DNA Center enables, is to have a central brain (the controller) that translates business intent into network-wide policy, which is a form of extreme centralization.
Key Takeaway:
For the exam, remember that Cisco DNA Center's fundamental role is to be the central command-and-control center for the entire network fabric. When a question asks for the "type of dashboard," "centralized management" is the most accurate and encompassing description of its primary function.
Why is it important to implement MFA inside of an organization?
A. To prevent man-in-the-middle attacks from being successful.
B. To prevent DoS attacks from being successful.
C. To prevent brute force attacks from being successful
D. To prevent phishing attacks from being successful.
Answer: C. To prevent brute force attacks from being successful