CertsTopics Logo

New Year Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Cisco 300-710 Dumps Questions Answers

Page: 1 / 29
Total 385 questions
Get 300-710 Full Access Download 300-710 PDF

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 1

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

Options:

A.

Only the UDP packet type is supported.

B.

The output format option for the packet logs is unavailable.

C.

The destination MAC address is optional if a VLAN ID value is entered.

D.

The VLAN ID and destination MAC address are optional.

Buy Now
Question 2

An engineer is working on a LAN switch and has noticed that its network connection to the mime Cisco IPS has gone down Upon troubleshooting it is determined that the switch is working as expected What must have been implemented for this failure to occur?

Options:

A.

The upstream router has a misconfigured routing protocol

B.

Link-state propagation is enabled

C.

The Cisco IPS has been configured to be in fail-open mode

D.

The Cisco IPS is configured in detection mode

Question 3

What is the difference between inline and inline tap on Cisco Firepower?

Options:

A.

Inline tap mode can send a copy of the traffic to another device.

B.

Inline tap mode does full packet capture.

C.

Inline mode cannot do SSL decryption.

D.

Inline mode can drop malicious traffic.

Question 4

Which CLI command is used to control special handling of clientHello messages?

Options:

A.

system support ssl-client-hello-tuning

B.

system support ssl-client-hello-display

C.

system support ssl-client-hello-force-reset

D.

system support ssl-client-hello-reset

Question 5

A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?

Options:

A.

Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC.

B.

Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC. configure cluster members in Cisco FMC, create cluster in Cisco FMC. and configure cluster members in Cisco FMC.

C.

Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC. and create the cluster in Cisco FMC.

D.

Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC.

Question 6

While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

Options:

A.

investigate

B.

reporting

C.

enforcement

D.

REST

Question 7

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?

Options:

A.

prefilter

B.

intrusion

C.

identity

D.

URL filtering

Question 8

Which report template field format is available in Cisco FMC?

Options:

A.

box lever chart

B.

arrow chart

C.

bar chart

D.

benchmark chart

Question 9

An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?

Options:

A.

Use the context explorer to see the application blocks by protocol.

B.

Use the context explorer to see the destination port blocks

C.

Filter the connection events by the source port 8699/udp.

D.

Filter the connection events by the destination port 8699/udp.

Question 10

Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.

Options:

Question 11

An engineer must configure email notifications on Cisco Secure Firewall Management Center. TLS encryption must be used to protect the messages from unauthorized access. The engineer adds the IP address of the mail relay host and must set the port number. Which TCP port must the engineer use?

Options:

A.

25

B.

389

C.

465

D.

587

Question 12

An engineer is troubleshooting application failures through a FTD deployment. While using the FMC CLI. it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?

Options:

A.

Use the system support firewall-engine-debug command to determine which rules the traffic matchingand modify the rule accordingly

B.

Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly

C.

Use the system support firewall-engine-dump-user-f density-data command to change the policy and allow the application through the firewall.

D.

Use the system support network-options command to fine tune the policy.

Question 13

Which two actions can be used in an access control policy rule? (Choose two.)

Options:

A.

Block with Reset

B.

Monitor

C.

Analyze

D.

Discover

E.

Block ALL

Question 14

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?

Options:

A.

inline tap monitor-only mode

B.

passive monitor-only mode

C.

passive tap monitor-only mode

D.

inline mode

Question 15

An engineer is troubleshooting an intermittent connectivity issue on a Cisco Secure Firewall Threat Defense appliance and must collect 24 hours worth of data. The engineer started a packet capture, however it stops prematurely during this time period. The engineer notices that the packet capture buffer size is set to the default of 32 MB. Which buffer size is the maximum that the engineer must set to enable the packet capture to run successfully?

Options:

A.

64 MB

B.

1 GB

C.

10 GB

D.

100 GB

Question 16

An engineer must configure an ERSPAN passive interface on a Cisco Secure IPS by using the Cisco Secure Firewall Management Center. These configurations have been performed already:

    Configure the passive interface.

    Configure the ERSPAN IP address.

Which two additional settings must be configured to complete the configuration? (Choose two.)

Options:

A.

Source IP

B.

Bypass Mode

C.

TCP Intercept

D.

Flow ID

E.

Destination MAC

Question 17

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

Options:

A.

Modify the system-provided block page result using Python.

B.

Create HTML code with the information for the policies and procedures.

C.

Edit the HTTP request handling in the access control policy to customized block.

D.

Write CSS code with the information for the policies and procedures.

E.

Change the HTTP response in the access control policy to custom.

Question 18

Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

Options:

A.

system generate-troubleshoot

B.

show configuration session

C.

show managers

D.

show running-config | include manager

Question 19

What are two application layer preprocessors? (Choose two.)

Options:

A.

CIFS

B.

IMAP

C.

SSL

D.

DNP3

E.

ICMP

Question 20

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

Options:

A.

Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

B.

Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

C.

There is a host limit set.

D.

The user agent status is set to monitor.

Question 21

Network users are experiencing Intermittent issues with internet access. An engineer ident med mat the issue Is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

Options:

A.

Define an additional static NAT for the network object in use.

B.

Configure fallthrough to interface PAT on 'he Advanced tab.

C.

Convert the dynamic auto NAT rule to dynamic manual NAT.

D.

Add an identity NAT rule to handle the overflow of users.

Question 22

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

Options:

A.

Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.

B.

The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.

C.

Allows traffic inspection to continue without interruption during the Snort process restart.

D.

The interfaces are automatically configured as a media-independent interface crossover.

Question 23

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

Options:

A.

system support firewall-engine-debug

B.

system support ssl-debug

C.

system support platform

D.

system support dump-table

Question 24

A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?

Options:

A.

Connectivity Over Security

B.

Security Over Connectivity

C.

Maximum Detection

D.

Balanced Security and Connectivity

Question 25

A network engineer must configure the cabling between a Cisco Secure Firewall Threat Defense appliance and a network so the Secure Firewall Threat Defense appliance performs inline to analyze and tune generated intrusion events before going live. Which Secure Firewall Threat Defense interface mode must the engineer use?

Options:

A.

bypass

B.

link state propagation

C.

tap mode

D.

strict TCP enforcement

Question 26

An engineer is deploying failover capabilities for a pair of Cisco Secure Firewall devices. The core switch keeps the MAC address of the previously active unit in the ARP table. Which action must the engineer take to minimize downtime and ensure that network users keep access to the internet after a Cisco Secure Firewall failover?

Options:

A.

Set the same MAC address on both units.

B.

Add the MAC address to the switch ARP table.

C.

Run a script to send gratuitous ARP after a failover.

D.

Use a virtual MAC address on both units.

Question 27

A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF. DOCX, and XLSX files are not sent lo Cisco Secure Malware analytics. What must do configured to meet the requirements''

Options:

A.

capacity handling

B.

Spero analysis

C.

dynamic analysis

D.

local malware analysis

Question 28

Which firewall mode is Cisco Secure Firewall Threat Defense in when two physical interfaces are assigned to a named BVI?

Options:

A.

Routed

B.

Transparent

C.

In-line

D.

IPS only

Question 29

Refer to the exhibit.

An engineer is modifying an access control policy to add a rule to Inspect all DNS traffic that passes it making the change and deploying the policy, they see that DNS traffic Is not being Inspected by the Snort engine. What is......

Options:

A.

The action of the rule is set to trust instead of allow.

B.

The rule must specify the security zone that originates the traffic.

C.

The rule Is configured with the wrong setting for the source port.

D.

The rule must define the source network for inspection as well as the port.

Question 30

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?

Options:

A.

by leveraging the ARP to direct traffic through the firewall

B.

by assigning an inline set interface

C.

by using a BVI and create a BVI IP address in the same subnet as the user segment

D.

by bypassing protocol inspection by leveraging pre-filter rules

Question 31

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair.

Which configuration must be changed before setting up the high availability pair?

Options:

A.

An IP address in the same subnet must be added to each Cisco FTD on the interface.

B.

The interface name must be removed from the interface on each Cisco FTD.

C.

The name Failover must be configured manually on the interface on each cisco FTD.

D.

The interface must be configured as part of a LACP Active/Active EtherChannel.

Question 32

Which feature sets up multiple interfaces on a Cisco Secure Firewall Threat Defense to be on the same subnet?

Options:

A.

EtherChannel

B.

SVI

C.

BVI

D.

security levels

Question 33

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

Options:

A.

Modify the Cisco ISE authorization policy to deny this access to the user.

B.

Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.

C.

Add the unknown user in the Access Control Policy in Cisco FTD.

D.

Add the unknown user in the Malware & File Policy in Cisco FTD.

Question 34

An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?

Options:

A.

The primary FMC currently has devices connected to it.

B.

The code versions running on the Cisco FMC devices are different

C.

The licensing purchased does not include high availability

D.

There is only 10 Mbps of bandwidth between the two devices.

Question 35

The network administrator wants to enhance the network security posture by enabling machine learning tor malware detection due to a concern with suspicious Microsoft executable file types that were seen while creating monthly security reports for the CIO. Which feature must be enabled to accomplish this goal?

Options:

A.

Spero

B.

dynamic analysis

C.

static analysis

D.

Ethos

Question 36

An engineer is configuring a cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?

Options:

A.

transparent

B.

routed

C.

passive

D.

inline set

Question 37

A security engineer must add a new policy to block UDP traffic to one server. The engineer adds a new object. Which action must the engineer take next to identify all the UDP ports?

Options:

A.

Define the transport protocol and the mandatory port range.

B.

Add the transport number and specify the type and code.

C.

Add the corresponding IP protocol number for UDP and TCP.

D.

Specify the transport protocol and leave the port number empty.

Question 38

Which group within Cisco does the Threat Response team use for threat analysis and research?

Options:

A.

Cisco Deep Analytics

B.

OpenDNS Group

C.

Cisco Network Response

D.

Cisco Talos

Question 39

A network engineer is deploying a Cisco Firepower 4100 appliance and must configure a multi-instance environment for high availability. Drag and drop me actions from the left into sequence on the right far this configuration.

Options:

Question 40

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192 168.100.100 has the MAC address of 0042 7734.103 to help troubleshoot aconnectivity issue What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

Options:

A.

-nm src 192.168.100.100

B.

-ne src 192.168.100.100

C.

-w capture.pcap -s 1518 host 192.168.100.100 mac

D.

-w capture.pcap -s 1518 host 192.168.100.100 ether

Question 41

Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

Options:

A.

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

B.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

C.

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

D.

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

E.

reputation-based objects, such as URL categories

Question 42

What is the advantage of having Cisco Firepower devices send events to Cisco Threat response via the security services exchange portal directly as opposed to using syslog?

Options:

A.

Firepower devices do not need to be connected to the internet.

B.

All types of Firepower devices are supported.

C.

Supports all devices that are running supported versions of Firepower

D.

An on-premises proxy server does not need to set up and maintained

Question 43

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:

A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

Question 44

Which command must be run to generate troubleshooting files on an FTD?

Options:

A.

system support view-files

B.

sudo sf_troubleshoot.pl

C.

system generate-troubleshoot all

D.

show tech-support

Question 45

Refer to the exhibit. An engineer must import three network objects into the Cisco Secure Firewall Management Center by using a CSV file. Which header must be configured in the CSV file to accomplish the task?

Options:

A.

NAME;DESCRIPTION;TYPE;VALUE;LOOKUP;

B.

Name; Description; Type;Value;Lookup;

C.

Name; Description; Type;Value;DN;

D.

NAME;DESCRIPTION; TYPE;VALUE;DN;

Question 46

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?

Options:

A.

Modify the access control policy to redirect interesting traffic to the engine

B.

Modify the network discovery policy to detect new hosts to inspect

C.

Modify the network analysis policy to process the packets for inspection

D.

Modify the intrusion policy to determine the minimum severity of an event to inspect.

Question 47

An engineer must implement Cisco Secure Firewall transparent mode due to a new server recently being added that must communicate with an existing server that is currently separated by the firewall. Which implementation action must be taken next by the engineer to accomplish the goal?

Options:

A.

Enable both servers to share the same VXLAN segment.

B.

Configure the same default gateway for both servers.

C.

Ensure that both servers are in the same bridge domain.

D.

Assign the same subnet to both servers.

Question 48

IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season so the need to maintain business uptime is high. Which report type should be used to gather this information?

Options:

A.

Malware Report

B.

Standard Report

C.

SNMP Report

D.

Risk Report

Question 49

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?

Options:

A.

A manual NAT exemption rule does not exist at the top of the NAT table.

B.

An external NAT IP address is not configured.

C.

An external NAT IP address is configured to match the wrong interface.

D.

An object NAT exemption rule does not exist at the top of the NAT table.

Question 50

A network administrator is trying to configure an access rule to allow access to a specific banking site over HTTPS. Which method must the administrator use to meet the requirement?

Options:

A.

Enable SSL decryption and specify the URL.

B.

Define the URL to be blocked and set the application to HTTP.

C.

Define the URL to be blocked and disable SSL inspection.

D.

Block the category of banking and define the application of WWW.

Question 51

An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH over Telnet for remote administration. How must the device be deployed to meet these requirements?

Options:

A.

in routed mode with a diagnostic interface

B.

in transparent mode with a management Interface

C.

in transparent made with a data interface

D.

in routed mode with a bridge virtual interface

Question 52

Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?

Options:

A.

show running-config

B.

show tech-support chassis

C.

system support diagnostic-cli

D.

sudo sf_troubleshoot.pl

Question 53

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

Options:

A.

controller

B.

publisher

C.

client

D.

server

Question 54

Which action should be taken after editing an object that is used inside an access control policy?

Options:

A.

Delete the existing object in use.

B.

Refresh the Cisco FMC GUI for the access control policy.

C.

Redeploy the updated configuration.

D.

Create another rule using a different object name.

Question 55

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?

Options:

A.

Identity policy

B.

Prefilter policy

C.

Network Analysis policy

D.

Intrusion policy

Question 56

An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular updates are provided?

Options:

A.

Add a URL source and select the flat file type within Cisco FMC.

B.

Upload the .txt file and configure automatic updates using the embedded URL.

C.

Add a TAXII feed source and input the URL for the feed.

D.

Convert the .txt file to STIX and upload it to the Cisco FMC.

Question 57

A network administrator wants to block traffictoa known malware site all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

Options:

A.

Prefilter policy

B.

SSL policy

C.

DNS policy

D.

Access Control policy with URL filtering

Question 58

An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic segmentation Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?

Options:

A.

multiple deployment

B.

single-context

C.

single deployment

D.

multi-instance

Question 59

A network administrator is reviewing a monthly advanced malware risk report and notices a host that Is listed as CnC Connected. Where must the administrator look within Cisco FMC to further determine if this host is infected with malware?

Options:

A.

Analysis > Hosts > indications of Compromise

B.

Analysts > Files > Malware Events

C.

Analysis > Hosts > Host Attributes

D.

Analysis > Flies > Network File Trajectory

Question 60

A network administrator is concerned about (he high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?

Options:

A.

Create an intrusion policy and set the access control policy to block.

B.

Create an intrusion policy and set the access control policy to allow.

C.

Create a file policy and set the access control policy to allow.

D.

Create a file policy and set the access control policy to block.

Question 61

An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?

Options:

A.

Attacks Risk Report

B.

User Risk Report

C.

Network Risk Report

D.

Advanced Malware Risk Report

Question 62

A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. After the initial configuration of the two appliances, which two steps must be taken to proceed with the redundancy configuration? (Choose two.)

Options:

A.

Configure the virtual MAC address on the failover link.

B.

Disable hellos on the inside interface.

C.

Configure the standby IP addresses.

D.

Ensure the high availability license is enabled.

E.

Configure the failover link with stateful properties.

Question 63

When using Cisco Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?

Options:

A.

direction

B.

dissemination

C.

processing

D.

analysis

Question 64

Refer to the exhibit.

A Cisco Secure Firewall Threat Defense (FTD) device is deployed in inline mode with an inline set. The network engineer wants router R2 to remove the directly connected route M 68.1.0/24 from its routing table when the cable between routed R1 and the Secure FTD device Is disconnected. Which action must the engineer take?

1

Options:

A.

Implement the Propagate Link Stale option on the Secure FTD device

B.

Establish a routing protocol between R1 and R2.

C.

Disable hardware bypass on the Secure FTD device.

D.

Implement autostate functionality on the Gi0/2 interface of R2

Question 65

An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass Which default policy should be used?

Options:

A.

Maximum Detection

B.

Security Over Connectivity

C.

Balanced Security and Connectivity

D.

Connectivity Over Security

Question 66

An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of flies are advanced application detectors creates and uploaded as?

Options:

A.

Perl script

B.

NBAR protocol

C.

LUA script

D.

Python program

Question 67

Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

Options:

A.

BGPv6

B.

ECMP with up to three equal cost paths across multiple interfaces

C.

ECMP with up to three equal cost paths across a single interface

D.

BGPv4 in transparent firewall mode

E.

BGPv4 with nonstop forwarding

Question 68

In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?

Options:

A.

unavailable

B.

unknown

C.

clean

D.

disconnected

Question 69

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

Options:

A.

Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

B.

Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

C.

Deploy multiple Cisco FTD HA pairs to increase performance

D.

Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance

Question 70

An organization has seen a lot of traffic congestion on their links going out to the internet There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?

Options:

A.

Create a flexconfig policy to use WCCP for application aware bandwidth limiting

B.

Create a VPN policy so that direct tunnels are established to the business applications

C.

Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses

D.

Create a QoS policy rate-limiting high bandwidth applications

Question 71

An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

Options:

A.

The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.

B.

The switches were not set up with a monitor session ID that matches the flow ID defined on the CiscoFTD.

C.

The Cisco FTD must be in routed mode to process ERSPAN traffic.

D.

The Cisco FTD must be configured with an ERSPAN port not a passive port.

Question 72

Which action must be taken to configure an isolated bridge group for IRB mode on a Cisco Secure Firewall device?

Options:

A.

Add the restricted segment to the ACL.

B.

Leave BVI interface name empty.

C.

Define the NAT pool for the blocked traffic.

D.

Remove the route from the routing table.

Question 73

A network administrator notices that SI events are not being updated The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?

Options:

A.

Restart the affected devices in order to reset the configurations

B.

Manually update the SI event entries to that the appropriate traffic is blocked

C.

Replace the affected devices with devices that provide more memory

D.

Redeploy configurations to affected devices so that additional memory is allocated to the SI module

Question 74

An engineer is configuring two new Cisco Secure Firewall Threat Defense devices to replace the existing firewalls. Network traffic must be analyzed for intrusion events without impacting the traffic. What must the engineer implement next to accomplish the goal?

Options:

A.

Passive mode

B.

Inline Pair in Tap mode

C.

ERSPAN Passive mode

D.

Inline Pair mode

Question 75

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

Options:

A.

Enable Inspect Local Router Traffic

B.

Enable Automatic Application Bypass

C.

Configure Fastpath rules to bypass inspection

D.

Add a Bypass Threshold policy for failures

Question 76

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configurationchange must be made to alleviate this issue?

Options:

A.

Leave default networks.

B.

Change the method to TCP/SYN.

C.

Increase the number of entries on the NAT device.

D.

Exclude load balancers and NAT devices.

Question 77

An engineer must change the mode of a Cisco Secure Firewall Threat Defense (FTD) firewall in the Cisco Secure Firewall Management Center (FMC) inventory. The engineer must take these actions:

• Register Secure FTD with Secure FMC.

• Change the firewall mode.

• Deregister the Secure FTD device from Secure FMC.

How must the engineer take FTD take the actions?

Options:

A.

Reload the Secure FTD device.

B.

Configure the management IP address.

C.

Access the Secure FTD CLI from the console port.

D.

Erase the Secure FTD configuration

Question 78

How should a high-availability pair of Cisco Secure Firewall Threat Defense Virtual appliances be deployed to Cisco Secure Firewall Management Center?

Options:

A.

Configure high availability first, then add only the primary Cisco Secure Firewall Threat Defense Virtual appliance to Cisco Secure Firewall Management Center.

B.

Add the primary and secondary Cisco Secure Firewall Threat Defense Virtual appliances to Cisco Secure Firewall Management Center first, then configure high availability.

C.

Add the primary appliance to Cisco Secure Firewall Management Center first, then configure high availability.

D.

Configure high availability first, then add the primary and secondary appliances to Cisco Secure Firewall Management Center.

Question 79

A network engineer sets up a secondary CiscoFMC that is integrated with Cisco Security Packet Analyzer What occurs when the secondary CiscoFMC synchronizes with the primary Cisco FMC?

Options:

A.

The existing integration configuration is replicated to the primary Cisco FMC

B.

The existing configuration for integration of the secondary Cisco FMC the Cisco Security Packet Analyzer is overwritten.

C.

The synchronization between the primary and secondary Cisco FMC fails

D.

The secondary Cisco FMC must be reintegrated with the Cisco Security Packet Analyzer after the synchronization

Question 80

An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue an a Secure Firewall Threat Defense device. When the engineer navigates to URL for Secure Firewall Management Center at:

../capture/CAP/pcap/sample.pcap

An engineer receives a 403: Forbidden error instead of being provided with the PCAP file. Which action resolves the issue?

Options:

A.

Disable the HTTPS server and use HTTP.

B.

Enable the proxy setting in the device platform policy.

C.

Enable HTTPS in the device platform policy.

D.

Disable the proxy setting on the client browser.

Question 81

An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snarl verdict?

Options:

A.

Perform a Snort engine capture using tcpdump from the FTD CLI.

B.

Use the Capture w/Trace wizard in Cisco FMC.

C.

Create a Custom Workflow in Cisco FMC.

D.

Run me system support firewall-engine-debug command from me FTD CLI.

Question 82

An engineer is setting up a new Cisco Secure Firewall Threat Defense appliance to replace the current firewall. The company requests that inline sets be used and that when one interface in

an inline set goes down, the second interface in the inline set goes down. What must the engineer configure to meet the deployment requirements?

Options:

A.

strict TCP enforcement

B.

propagate link state

C.

Snort fail open

D.

inline tap mode

Question 83

What is a valid Cisco AMP file disposition?

Options:

A.

non-malicious

B.

malware

C.

known-good

D.

pristine

Question 84

What is a behavior of a Cisco FMC database purge?

Options:

A.

User login and history data are removed from the database if the User Activity check box is selected.

B.

Data can be recovered from the device.

C.

The appropriate process is restarted.

D.

The specified data is removed from Cisco FMC and kept for two weeks.

Question 85

An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?

Options:

A.

Install the static backup route and modify the metric to be less than the primary route.

B.

Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.

C.

Use a default route on the FMC instead of having multiple routes contending for priority.

D.

Create the backup route and use route tracking on both routes to a destination IP address in the network.

Question 86

An engineer must perform a packet capture on a Cisco Secure Firewall Threat Defense device to confirm the MAC address of the host using IP address 192.168.100.100 while troubleshooting an ARP issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

Options:

A.

-w capture.pcap -s 1518 host 192.168.100.100 mac

B.

-nm src 192.168.100.100

C.

-w capture.pcap -s 1518 host 192.168.100.100 ether

D.

-ne src 192.168.100.100

Question 87

An engineer is configuring Cisco Security Devices by using Cisco Secure Firewall Management Center. Which configuration command must be run to compare the CA certificate bundle on the local system to the latest CA bundle from the Cisco server?

Options:

A.

configure cert-update compare

B.

configure cert-update auto-update enable

C.

configure cert-update run-now

D.

configure cert-update test

Question 88

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Options:

A.

Create a firewall rule to allow CDP traffic.

B.

Create a bridge group with the firewall interfaces.

C.

Change the firewall mode to transparent.

D.

Change the firewall mode to routed.

Question 89

A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP VPN traffic is not working. Which action resolves this issue?

Options:

A.

Set the allow action in the access policy to trust.

B.

Enable IPsec inspection on the access policy.

C.

Modify the NAT policy to use the interface PAT.

D.

Change the access policy to allow all ports.

Question 90

What is a feature of Cisco AMP private cloud?

Options:

A.

It supports anonymized retrieval of threat intelligence

B.

It supports security intelligence filtering.

C.

It disables direct connections to the public cloud.

D.

It performs dynamic analysis

Question 91

An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IRS, if it is not dropped, how does the traffic get to its destination?

Options:

A.

It is retransmitted from the Cisco IPS inline set.

B.

The packets are duplicated and a copy is sent to the destination.

C.

It is transmitted out of the Cisco IPS outside interface.

D.

It is routed back to the Cisco ASA interfaces for transmission.

Question 92

A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router's WAN IP address. Which two steps are required for this device to register to the Cisco FMC? (Choose two.)

Options:

A.

Reconfigure the Cisco FMC lo use the device's private IP address instead of the WAN address.

B.

Configure a NAT ID on both the Cisco FMC and the device.

C.

Add the port number being used for PAT on the router to the device's IP address in the Cisco FMC.

D.

Reconfigure the Cisco FMC to use the device's hostname instead of IP address.

E.

Remove the IP address defined for the device in the Cisco FMC.

Question 93

A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)

Options:

A.

show disk-manager

B.

show history

C.

sudo stats_unified.pl

D.

manage_procs.pl

E.

sudo perfstats -Cq < /var/sf/rna/correlator-stats/now

Question 94

A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response Which step must be taken to resolve this issue without initiating traffic from the client?

Options:

A.

Use packet-tracer to ensure that traffic is not being blocked by an access list.

B.

Use packet capture to ensure that traffic is not being blocked by an access list.

C.

Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.

D.

Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

Question 95

An engineer is creating an URL object on Cisco FMC How must it be configured so that the object will match for HTTPS traffic in an access control policy?

Options:

A.

Specify the protocol to match (HTTP or HTTPS).

B.

Use the FQDN including the subdomain for the website

C.

Define the path to the individual webpage that uses HTTPS.

D.

Use the subject common name from the website certificate

Question 96

Which component is needed to perform rapid threat containment with Cisco FMC?

Options:

A.

ISE

B.

RESTful API

C.

SIEM

D.

DDI

Question 97

Refer to the exhibit An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall After making the change and deploying thepokey they see that DNS traffic is not bang inspected by the Snort engine What is the problem?

Options:

A.

The rule must specify the security zone that originates the traffic

B.

The rule must define the source network for inspection as well as the port

C.

The action of the rule is set to trust instead of allow.

D.

The rule is configured with the wrong setting for the source port

Question 98

Which two deployment types support high availability? (Choose two.)

Options:

A.

transparent

B.

routed

C.

clustered

D.

intra-chassis multi-instance

E.

virtual appliance in public cloud

Question 99

Refertothe exhibit. An engineer is analyzing a Network Risk Report from Cisco FMC. Which application must the engineer take immediate action against to prevent unauthorized network use?

Options:

A.

Kerberos

B.

YouTube

C.

Chrome

D.

TOR

Question 100

An engineer is configuring a Cisco Secure Firewall Threat Defense device and warns to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a Line that identifies the author of the rule and the date it was created?

Options:

A.

metadata

B.

content

C.

reference

D.

gtp_info

Question 101

An engineer is integrating Cisco Secure Endpoint with Cisco Secure Firewall Management Center in high availability mode. Malware events detected by Secure Endpoint must also be

received by Secure Firewall Management Center and public cloud services are used. Which two configurations must be selected on both high availability peers independently? (Choose two.)

Options:

A.

internet connection

B.

Smart Software Manager Satellite

C.

Cisco Success Network

D.

security group tag

E.

Secure Endpoint Cloud Connection

Question 102

Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)

Options:

A.

Cisco ASA 5500 Series

B.

Cisco FMC

C.

Cisco AMP

D.

Cisco Stealthwatch

E.

Cisco ASR 7200 Series

Question 103

An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10 10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?

Options:

A.

Delete and reregister the device to Cisco FMC

B.

Update the IP addresses from IFV4 to IPv6 without deleting the device from Cisco FMC

C.

Format and reregister the device to Cisco FMC.

D.

Cisco FMC does not support devices that use IPv4 IP addresses.

Question 104

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see the Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

Options:

A.

Use the verbose option as a part of the capture-traffic command

B.

Use the capture command and specify the trace option to get the required information.

C.

Specify the trace using the -T option after the capture-traffic command.

D.

Perform the trace within the Cisco FMC GUI instead of the Cisco FTD CLI.

Question 105

An engineer is deploying a Cisco Secure Firewall Management Center appliance. The company must send data to Cisco Secure Network Analytics appliances. Which two actions must the engineer take? (Choose two.)

Options:

A.

Configure Security Intelligence object to send data to Cisco Secure Network Analytics.

B.

Add the Netflow_Send_Destination object to the configuration.

C.

Add the Netflow_Add_Destination object to the configuration.

D.

Add the Netflow_Set_Parameters object to the configuration.

E.

Create a service identifier to enable the NetFlow service.

Question 106

Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

Options:

A.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re- apply the policies after registration is completed.

B.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

C.

No option to delete and re-add a device is available in the Cisco FMC web interface.

D.

The Cisco FMC web interface prompts users to re-apply access control policies.

E.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Question 107

An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime During the setup process, the synchronization between the two devices is failing What action is needed to resolve this issue?

Options:

A.

Confirm that both devices have the same port-channel numbering

B.

Confirm that both devices are running the same software version

C.

Confirm that both devices are configured with the same types of interfaces

D.

Confirm that both devices have the same flash memory sizes

Question 108

Refer to the exhibit. An engineer is configuring a high-availability solution that has the hardware devices and software versions:

two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)

software Cisco Secure Firewall Threat Defense 6.0.1.1 (build 1023) on both appliances

one Cisco Secure Firewall Management Center with SW 6.0.1.1 (build 1023)

Which condition must be met to complete the high-availability configuration?

Options:

A.

DHCP must be configured on at least one firewall interface.

B.

The version numbers must have the same patch number.

C.

Both firewalls must have the same number of interfaces.

D.

Both firewalls must be in transparent mode.

Question 109

An engineer must integrate a thud-party security Intelligence teed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2 3 and has 8 GB of memory. Which two actions must be taken to implement Throat Intelligence Director? (Choose two.)

Options:

A.

Upgrade to version 6.6.

B.

Enable REST API access.

C.

Add the URL of the TAXII server.

D.

Add 7 GB of memory.

E.

Add a TAXII server

Question 110

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

Options:

A.

Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

B.

Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

C.

Use the packet tracer tool to determine at which hop the packet is being dropped.

D.

Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Question 111

An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?

Options:

A.

Logging is not enabled for the rule.

B.

The rule was not enabled after being created.

C.

The wrong source interface for Snort was selected in the rule.

D.

An incorrect application signature was used in the rule.

Question 112

An engainermust add DNS-specific rules to me Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

Options:

A.

Change the dynamic state of the rule within the policy.

B.

Change the base policy to Security over Connectivity.

C.

Change the rule state within the policy being used.

D.

Change the rules using the Generate and Use Recommendations feature.

Question 113

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

Options:

A.

application blocking

B.

simple custom detection

C.

file repository

D.

exclusions

E.

application whitelisting

Question 114

What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog?

Options:

A.

All types of Cisco Firepower devices are supported.

B.

An on-premises proxy server does not need to be set up and maintained.

C.

Cisco Firepower devices do not need to be connected to the Internet.

D.

Supports all devices that are running supported versions of Cisco Firepower.

Question 115

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)

Options:

A.

Diagnostic

B.

EtherChannel

C.

BVI

D.

Physical

E.

Subinterface

Exam Detail
Vendor: Cisco
Certification: CCNP Security
Exam Code: 300-710
Exam Name: Securing Networks with Cisco Firepower (300-710 SNCF)
Last Update: Dec 17, 2025
300-710 Question Answers
Page: 1 / 29
Total 385 questions
Get 300-710 Full Access Download 300-710 PDF