CertsTopics Logo

Big Cyber Monday Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Changed 300-710 Exam Questions

Page: 28 / 29
Total 385 questions
Get 300-710 Full Access Download 300-710 PDF

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 109

An engineer must integrate a thud-party security Intelligence teed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2 3 and has 8 GB of memory. Which two actions must be taken to implement Throat Intelligence Director? (Choose two.)

Options:

A.

Upgrade to version 6.6.

B.

Enable REST API access.

C.

Add the URL of the TAXII server.

D.

Add 7 GB of memory.

E.

Add a TAXII server

Question 110

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

Options:

A.

Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

B.

Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

C.

Use the packet tracer tool to determine at which hop the packet is being dropped.

D.

Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Question 111

An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?

Options:

A.

Logging is not enabled for the rule.

B.

The rule was not enabled after being created.

C.

The wrong source interface for Snort was selected in the rule.

D.

An incorrect application signature was used in the rule.

Question 112

An engainermust add DNS-specific rules to me Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

Options:

A.

Change the dynamic state of the rule within the policy.

B.

Change the base policy to Security over Connectivity.

C.

Change the rule state within the policy being used.

D.

Change the rules using the Generate and Use Recommendations feature.

Page: 28 / 29
Total 385 questions
Get 300-710 Full Access Download 300-710 PDF