March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Cisco 300-710 Securing Networks with Cisco Firepower (300-710 SNCF) Exam Practice Test

Demo: 63 questions
Total 278 questions

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 1

An engineer is using the configure manager add Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why Is this occurring?

Options:

A.

The NAT ID is required since the Cisco FMC is behind a NAT device.

B.

The IP address used should be that of the Cisco FTD. not the Cisco FMC.

C.

DONOTRESOLVE must be added to the command

D.

The registration key is missing from the command

Question 2

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

Options:

A.

VPN connections can be re-established only if the failed master unit recovers.

B.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

C.

VPN connections must be re-established when a new master unit is elected.

D.

Only established VPN connections are maintained when a new master unit is elected.

Question 3

Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

Options:

A.

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

B.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

C.

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

D.

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

E.

reputation-based objects, such as URL categories

Question 4

Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

Options:

A.

OSPFv2 with IPv6 capabilities

B.

virtual links

C.

SHA authentication to OSPF packets

D.

area boundary router type 1 LSA filtering

E.

MD5 authentication to OSPF packets

Question 5

Which two actions can be used in an access control policy rule? (Choose two.)

Options:

A.

Block with Reset

B.

Monitor

C.

Analyze

D.

Discover

E.

Block ALL

Question 6

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

Options:

A.

The interfaces are being used for NAT for multiple networks.

B.

The administrator is adding interfaces of multiple types.

C.

The administrator is adding an interface that is in multiple zones.

D.

The interfaces belong to multiple interface groups.

Question 7

A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?

Options:

A.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

B.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

C.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

D.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Question 8

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

Options:

A.

FlexConfig

B.

BDI

C.

SGT

D.

IRB

Question 9

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

Options:

A.

The rate-limiting rule is disabled.

B.

Matching traffic is not rate limited.

C.

The system rate-limits all traffic.

D.

The system repeatedly generates warnings.

Question 10

When creating a report template, how can the results be limited to show only the activity of a specific subnet?

Options:

A.

Create a custom search in Firepower Management Center and select it in each section of the report.

B.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

C.

Add a Table View section to the report with the Search field defined as the network in CIDR format.

D.

Select IP Address as the X-Axis in each section of the report.

Question 11

Which Cisco Firepower rule action displays an HTTP warning page?

Options:

A.

Monitor

B.

Block

C.

Interactive Block

D.

Allow with Warning

Question 12

A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?

Options:

A.

Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.

B.

Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.

C.

Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.

D.

Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

Question 13

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

Options:

A.

Modify the system-provided block page result using Python.

B.

Create HTML code with the information for the policies and procedures.

C.

Edit the HTTP request handling in the access control policy to customized block.

D.

Write CSS code with the information for the policies and procedures.

E.

Change the HTTP response in the access control policy to custom.

Question 14

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?

Options:

A.

interface-based VLAN switching

B.

inter-chassis clustering VLAN

C.

integrated routing and bridging

D.

Cisco ISE Security Group Tag

Question 15

Which object type supports object overrides?

Options:

A.

time range

B.

security group tag

C.

network object

D.

DNS server group

Question 16

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:

A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

Question 17

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?

Options:

A.

A manual NAT exemption rule does not exist at the top of the NAT table.

B.

An external NAT IP address is not configured.

C.

An external NAT IP address is configured to match the wrong interface.

D.

An object NAT exemption rule does not exist at the top of the NAT table.

Question 18

What is a valid Cisco AMP file disposition?

Options:

A.

non-malicious

B.

malware

C.

known-good

D.

pristine

Question 19

In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?

Options:

A.

unavailable

B.

unknown

C.

clean

D.

disconnected

Question 20

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

Options:

A.

application blocking

B.

simple custom detection

C.

file repository

D.

exclusions

E.

application whitelisting

Question 21

Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)

Options:

A.

dynamic null route configured

B.

DHCP pool disablement

C.

quarantine

D.

port shutdown

E.

host shutdown

Question 22

What is the maximum SHA level of filtering that Threat Intelligence Director supports?

Options:

A.

SHA-1024

B.

SHA-4096

C.

SHA-512

D.

SHA-256

Question 23

Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?

Options:

A.

Add the malicious file to the block list.

B.

Send a snapshot to Cisco for technical support.

C.

Forward the result of the investigation to an external threat-analysis engine.

D.

Wait for Cisco Threat Response to automatically block the malware.

Question 24

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

Options:

A.

pxGrid

B.

FTD RTC

C.

FMC RTC

D.

ISEGrid

Question 25

Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?

Options:

A.

Windows domain controller

B.

audit

C.

triage

D.

protection

Question 26

Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?

Options:

A.

Child domains can view but not edit dashboards that originate from an ancestor domain.

B.

Child domains have access to only a limited set of widgets from ancestor domains.

C.

Only the administrator of the top ancestor domain can view dashboards.

D.

Child domains cannot view dashboards that originate from an ancestor domain.

Question 27

Which action should be taken after editing an object that is used inside an access control policy?

Options:

A.

Delete the existing object in use.

B.

Refresh the Cisco FMC GUI for the access control policy.

C.

Redeploy the updated configuration.

D.

Create another rule using a different object name.

Question 28

How many report templates does the Cisco Firepower Management Center support?

Options:

A.

20

B.

10

C.

5

D.

unlimited

Question 29

Which group within Cisco does the Threat Response team use for threat analysis and research?

Options:

A.

Cisco Deep Analytics

B.

OpenDNS Group

C.

Cisco Network Response

D.

Cisco Talos

Question 30

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability?

Options:

A.

configure high-availability resume

B.

configure high-availability disable

C.

system support network-options

D.

configure high-availability suspend

Question 31

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

Options:

Question 32

What is the benefit of selecting the trace option for packet capture?

Options:

A.

The option indicates whether the packet was dropped or successful.

B.

The option indicated whether the destination host responds through a different path.

C.

The option limits the number of packets that are captured.

D.

The option captures details of each packet.

Question 33

Which CLI command is used to control special handling of ClientHello messages?

Options:

A.

system support ssl-client-hello-tuning

B.

system support ssl-client-hello-display

C.

system support ssl-client-hello-force-reset

D.

system support ssl-client-hello-enabled

Question 34

Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

Options:

A.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re- apply the policies after registration is completed.

B.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

C.

No option to delete and re-add a device is available in the Cisco FMC web interface.

D.

The Cisco FMC web interface prompts users to re-apply access control policies.

E.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Question 35

A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?

Options:

A.

The intrusion policy must be disabled for port 80.

B.

The access policy rule must be configured for the action trust.

C.

The NAT policy must be modified to translate the source IP address as well as destination IP address.

D.

The access policy must allow traffic to the internal web server IP address.

Question 36

A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response Which step must be taken to resolve this issue without initiating traffic from the client?

Options:

A.

Use packet-tracer to ensure that traffic is not being blocked by an access list.

B.

Use packet capture to ensure that traffic is not being blocked by an access list.

C.

Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.

D.

Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

Question 37

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

Options:

A.

Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.

B.

The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.

C.

Allows traffic inspection to continue without interruption during the Snort process restart.

D.

The interfaces are automatically configured as a media-independent interface crossover.

Question 38

A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

Options:

A.

utilizing policy inheritance

B.

utilizing a dynamic ACP that updates from Cisco Talos

C.

creating a unique ACP per device

D.

creating an ACP with an INSIDE_NET network object and object overrides

Question 39

Which two routing options are valid with Cisco FTD? (Choose Two)

Options:

A.

BGPv6

B.

ECMP with up to three equal cost paths across multiple interfaces

C.

ECMP with up to three equal cost paths across a single interface

D.

BGPv4 in transparent firewall mode

E.

BGPv4 with nonstop forwarding

Question 40

A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?

Options:

A.

A "show tech" file for the device in question.

B.

A "troubleshoot" file for the device in question.

C.

A "troubleshoot" file for the Cisco FMC.

D.

A "show tech" for the Cisco FMC.

Question 41

Refer to the exhibit.

What must be done to fix access to this website while preventing the same communication to all other websites?

Options:

A.

Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1 50.

B.

Create an access control policy rule to allow port 80 to only 172.1.1 50.

C.

Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50

D.

Create an access control policy rule to allow port 443 to only 172.1.1 50

Question 42

A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?

Options:

A.

Add a Bridge Group Interface to the FTD before transparent mode is configured.

B.

Dereglster the FTD device from FMC and configure transparent mode via the CLI.

C.

Obtain an FTD model that supports transparent mode.

D.

Assign an IP address to two physical interfaces.

Question 43

Which feature is supported by IRB on Cisco FTD devices?

Options:

A.

redundant interface

B.

dynamic routing protocol

C.

EtherChannel interface

D.

high-availability cluster

Question 44

An engineer must configure a Cisco FMC dashboard in a multidomain deployment Which action must the engineer take to edit a report template from an ancestor domain?

Options:

A.

Add it as a separate widget.

B.

Copy it to the current domain

C.

Assign themselves ownership of it

D.

Change the document attributes.

Question 45

While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

Options:

A.

investigate

B.

reporting

C.

enforcement

D.

REST

Question 46

An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

Options:

A.

The backup file is not in .cfg format.

B.

The backup file is too large for the Cisco FTD device

C.

The backup file extension was changed from tar to zip

D.

The backup file was not enabled prior to being applied

Question 47

A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated an alert for the malware event, however the user still remained connected. Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue?

Options:

A.

Detect Files

B.

Malware Cloud Lookup

C.

Local Malware Analysis

D.

Reset Connection

Question 48

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192 168.100.100 has the MAC address of 0042 7734.103 to help troubleshoot a connectivity issue What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

Options:

A.

-nm src 192.168.100.100

B.

-ne src 192.168.100.100

C.

-w capture.pcap -s 1518 host 192.168.100.100 mac

D.

-w capture.pcap -s 1518 host 192.168.100.100 ether

Question 49

Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

Options:

A.

Redundant Interface

B.

EtherChannel

C.

Speed

D.

Media Type

E.

Duplex

Question 50

Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

Options:

A.

Cisco Firepower Threat Defense mode

B.

transparent mode

C.

routed mode

D.

integrated routing and bridging

Question 51

Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

Options:

A.

a default DMZ policy for which only a user can change the IP addresses.

B.

deny ip any

C.

no policy rule is included

D.

permit ip any

Question 52

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Options:

A.

Create a firewall rule to allow CDP traffic.

B.

Create a bridge group with the firewall interfaces.

C.

Change the firewall mode to transparent.

D.

Change the firewall mode to routed.

Question 53

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

Options:

A.

same flash memory size

B.

same NTP configuration

C.

same DHCP/PPoE configuration

D.

same host name

E.

same number of interfaces

Question 54

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

Options:

A.

The units must be the same version

B.

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

C.

The units must be different models if they are part of the same series.

D.

The units must be configured only for firewall routed mode.

E.

The units must be the same model.

Question 55

Which two deployment types support high availability? (Choose two.)

Options:

A.

transparent

B.

routed

C.

clustered

D.

intra-chassis multi-instance

E.

virtual appliance in public cloud

Question 56

What is a result of enabling Cisco FTD clustering?

Options:

A.

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

B.

Integrated Routing and Bridging is supported on the master unit.

C.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

D.

All Firepower appliances can support Cisco FTD clustering.

Question 57

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

Options:

A.

Deploy the firewall in transparent mode with access control policies.

B.

Deploy the firewall in routed mode with access control policies.

C.

Deploy the firewall in routed mode with NAT configured.

D.

Deploy the firewall in transparent mode with NAT configured.

Question 58

What are two application layer preprocessors? (Choose two.)

Options:

A.

CIFS

B.

IMAP

C.

SSL

D.

DNP3

E.

ICMP

Question 59

Which protocol establishes network redundancy in a switched Firepower device deployment?

Options:

A.

STP

B.

HSRP

C.

GLBP

D.

VRRP

Question 60

A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?

Options:

A.

Shut down the Cisco FMC before powering up the replacement unit.

B.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.

C.

Unregister the faulty Cisco FTD device from the Cisco FMC

D.

Shut down the active Cisco FTD device before powering up the replacement unit.

Question 61

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?

Options:

A.

inline tap monitor-only mode

B.

passive monitor-only mode

C.

passive tap monitor-only mode

D.

inline mode

Question 62

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

Options:

A.

Configure an IPS policy and enable per-rule logging.

B.

Disable the default IPS policy and enable global logging.

C.

Configure an IPS policy and enable global logging.

D.

Disable the default IPS policy and enable per-rule logging.

Question 63

What is the difference between inline and inline tap on Cisco Firepower?

Options:

A.

Inline tap mode can send a copy of the traffic to another device.

B.

Inline tap mode does full packet capture.

C.

Inline mode cannot do SSL decryption.

D.

Inline mode can drop malicious traffic.

Demo: 63 questions
Total 278 questions