- 721 Questions
- Updated on: 25-May-2026
- Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Free Cisco 350-701 Practice Questions 2026 | Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Topic 1: Exam Pool A
Which two key and block sizes are valid for AES? (Choose two)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits (block size). It can do this using 128-bit, 192-bit, or 256-bit keys.
When choosing an algorithm to use, what should be considered about Diffie-Hellman and RSA for key establishment?
A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys
B. RSA is a symmetric key establishment algorithm intended to output asymmetric keys
C. DH is a symmetric key establishment algorithm intended to output asymmetric keys
D. DH is an asymmetric key establishment algorithm intended to output symmetric keys
Explanation for Each Option:
A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys (Incorrect):
RSA (Rivest-Shamir-Adleman) is an asymmetric algorithm used for encryption, digital signatures, and key exchange, but it does not inherently output symmetric keys. It is typically used to securely exchange a symmetric key, not to generate one directly, making this option incorrect. (Reference: Cisco NGE Cryptographic Algorithms, RSA Usage.)
B. RSA is a symmetric key establishment algorithm intended to output asymmetric keys (Incorrect):
RSA is an asymmetric algorithm, not symmetric, and it does not output asymmetric keys. It generates a public-private key pair for asymmetric cryptography, not a key establishment process for symmetric keys, rendering this option incorrect. (Reference: Cisco RSA Configuration Guide.)
C. DH is a symmetric key establishment algorithm intended to output asymmetric keys (Incorrect):
Diffie-Hellman (DH) is an asymmetric key establishment protocol that enables two parties to establish a shared secret (symmetric key) over an insecure channel. It does not output asymmetric keys, making this option incorrect. (Reference: Cisco DH Key Exchange Overview.)
D. DH is an asymmetric key establishment algorithm intended to output symmetric keys (Correct):
Diffie-Hellman (DH) is an asymmetric key establishment algorithm that allows two parties to derive a shared symmetric key (e.g., for use in AES) without exchanging the key directly. This aligns with its purpose in secure key exchange, making it the correct choice. (Reference: Cisco NGE Diffie-Hellman Guide.)
Additional Notes:
Choosing key establishment algorithms is a key topic in the 350-701 SCOR exam under network security. As of 5:06 PM PKT, October 03, 2025, DH’s role in symmetric key generation is critical.
Drag and drop the deployment models from the left onto the explanations on the right.


Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
A. RSA SecurID
B. Internal Database
C. Active Directory
D. LDAP
Active Directory
What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?
A. single-SSID BYOD
B. multichannel GUI
C. dual-SSID BYOD
D. streamlined access
Explanation for Each Option:
A. single-SSID BYOD (Incorrect):
Single-SSID BYOD refers to a configuration where a single wireless network (SSID) is used for both employee and BYOD onboarding, typically with separate authentication and provisioning processes. It does not involve sharing a guest access WLAN or portal, making this option incorrect. (Reference: Cisco BYOD Design Guide, Single-SSID.)
B. multichannel GUI (Incorrect):
Multichannel GUI is not a recognized term in the context of Cisco wireless or BYOD deployments. It suggests a user interface concept, not a specific endpoint association or portal-sharing configuration, rendering this option incorrect. (Reference: Cisco Wireless Controller GUI Overview.)
C. dual-SSID BYOD (Correct):
Dual-SSID BYOD involves associating endpoints to a provisioning WLAN that is shared with guest access, using the same guest portal for both BYOD onboarding and guest access. This configuration leverages two SSIDs (e.g., one for provisioning/guest, another for corporate) with a unified portal, aligning with the description. (Reference: Cisco BYOD Dual-SSID Deployment Guide.)
D. streamlined access (Incorrect):
Streamlined access is a general term that might imply simplified onboarding but is not a specific Cisco term for sharing a provisioning WLAN with guest access using the same portal. It lacks the dual-SSID context, making this option incorrect. (Reference: Cisco ISE Streamlined Access Features.)
Additional Notes:
Configuring BYOD with dual-SSID is a key topic in the 350-701 SCOR exam under endpoint security. As of 4:49 PM PKT, October 07, 2025, it enhances guest and device management.
Which security solution protects users leveraging DNS-layer security?
A. Cisco ISE
B. Cisco FTD
C. Cisco Umbrella
D. Cisco ASA
Cisco Umbrella
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
A. Security Intelligence
B. Impact Flags
C. Health Monitoring
D. URL Filtering
Impact Flags
When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?
A. It blocks the request.
B. It applies the global policy
C. It applies the next identification profile policy
D. It applies the advanced policy
Explanation for Each Option:
A. It blocks the request (Incorrect):
When a Cisco Web Security Appliance (WSA) cannot match a user-defined policy to a web request, it does not automatically block the request. Blocking requires an explicit deny rule or a default policy set to block, which is not the default behavior when no user-defined policy matches, making this option incorrect. (Reference: Cisco WSA Access Policies Guide.)
B. It applies the global policy (Correct):
In Cisco WSA, if a web request does not match a user-defined policy (e.g., based on URL, user, or group), the appliance falls back to the global policy. The global policy serves as the default set of rules applied to all traffic unless overridden by a more specific policy, aligning with the standard behavior. (Reference: Cisco WSA Policy Configuration Guide, Global Policy.)
C. It applies the next identification profile policy (Incorrect):
Identification profile policies are used to determine user identity (e.g., via LDAP or AD), not to define access or filtering rules. If no user-defined policy matches, the WSA does not proceed to the next identification profile; it resorts to the global policy for access decisions, rendering this option incorrect. (Reference: Cisco WSA Identity Policies Guide.)
D. It applies the advanced policy (Incorrect):
"Advanced policy" is not a specific policy type in Cisco WSA terminology. Policies are categorized as access, decryption, or HTTPS policies, with the global policy acting as the default. There is no automatic fallback to an "advanced policy" when a user-defined policy fails to match, making this option invalid. (Reference: Cisco WSA Policy Types Overview.)
Additional Notes:
Understanding WSA policy enforcement is a key topic in the 350-701 SCOR exam under content security. As of 02:20 PM PKT, October 02, 2025, the global policy is the default fallback. For details, refer to the Cisco Secure Web Appliance Administration Guide (cisco.com) and the 350-701 Exam Blueprint (Section 3.0 Security Concepts).
Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?
A. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device
C. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&....
D. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice/startIndex/recordsToReturn
Explanation:
The key requirement in the question is to retrieve the number of devices. The Cisco DNA Center Intent API provides specific, purpose-built endpoints to efficiently get the information you need.
A) is CORRECT. The endpoint /dna/intent/api/v1/network-device/count is specifically designed to return a count of network devices.
This is the most efficient way to get just the number, as the API response will be a small JSON object containing the count, without the overhead of returning the entire list of device details.
Why the other options are incorrect:
B) GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device is INCORRECT.
This endpoint returns the full list of all network devices and their detailed properties. To get the count, you would have to retrieve all this data and then calculate the size of the returned list, which is very inefficient.
C) GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&.... is INCORRECT.
While you can use query parameters with the main /network-device endpoint to filter the list, it still returns a list of devices, not a direct count. You would still need to process the list to find the number of items.
D) GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice/startIndex/recordsToReturn is INCORRECT.
This is not a standard DNA Center API endpoint for counting. It appears to be a distractor based on a pagination pattern, but the correct endpoint for pagination uses query parameters like offset and limit.
Reference:
Cisco DNA Center Platform API Documentation: The official API reference for the Intent API clearly lists the GET /dna/intent/api/v1/network-device/count endpoint, describing its purpose as "Returns the count of network devices."
What is the purpose of the Cisco Endpoint IoC feature?
A. It provides stealth threat prevention
B. It is a signature-based engine.
C. It is an incident response tool
D. It provides precompromise detection.
Explanation for Each Option:
A. It provides stealth threat prevention (Incorrect):
Cisco Endpoint IoC (Indicators of Compromise) is not designed for stealth threat prevention. Prevention is handled by features like AMP’s exploit prevention, while IoC focuses on identifying and responding to existing threats, making this option incorrect. (Reference: Cisco AMP Threat Prevention Guide.)
B. It is a signature-based engine (Incorrect):
IoC in Cisco Endpoint Security (e.g., AMP for Endpoints) relies on indicators (e.g., file hashes, IP addresses) rather than a traditional signature-based engine, which detects known patterns. IoC is more about response than real-time signature matching, rendering this option incorrect. (Reference: Cisco AMP IoC Overview.)
C. It is an incident response tool (Correct):
The Cisco Endpoint IoC feature is an incident response tool that allows security teams to identify and act on indicators of compromise (e.g., malicious files, network activity) post-infection. It enables investigation and remediation, aligning with its purpose as a response mechanism. (Reference: Cisco AMP Incident Response Guide, IoC Usage.)
D. It provides precompromise detection (Incorrect):
Precompromise detection focuses on preventing attacks before they occur (e.g., via EPP features). IoC is designed for post-compromise analysis and response, not proactive detection, making this option incorrect. (Reference: Cisco AMP Precompromise Features.)
Additional Notes:
Understanding Endpoint IoC is a key topic in the 350-701 SCOR exam under endpoint security. As of 5:08 PM PKT, October 03, 2025, it enhances incident response.