Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Exactprep 300-710 Questions

Page: 18 / 29
Total 385 questions

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 69

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

Options:

A.

Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

B.

Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

C.

Deploy multiple Cisco FTD HA pairs to increase performance

D.

Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance

Question 70

An organization has seen a lot of traffic congestion on their links going out to the internet There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?

Options:

A.

Create a flexconfig policy to use WCCP for application aware bandwidth limiting

B.

Create a VPN policy so that direct tunnels are established to the business applications

C.

Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses

D.

Create a QoS policy rate-limiting high bandwidth applications

Question 71

An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

Options:

A.

The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.

B.

The switches were not set up with a monitor session ID that matches the flow ID defined on the CiscoFTD.

C.

The Cisco FTD must be in routed mode to process ERSPAN traffic.

D.

The Cisco FTD must be configured with an ERSPAN port not a passive port.

Question 72

Which action must be taken to configure an isolated bridge group for IRB mode on a Cisco Secure Firewall device?

Options:

A.

Add the restricted segment to the ACL.

B.

Leave BVI interface name empty.

C.

Define the NAT pool for the blocked traffic.

D.

Remove the route from the routing table.

Page: 18 / 29
Total 385 questions