PDF 300-710 Study Guide

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 29

A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

Options:

utilizing policy inheritance

utilizing a dynamic ACP that updates from Cisco Talos

creating a unique ACP per device

creating an ACP with an INSIDE_NET network object and object overrides

Question 30

An engineer is investigating connectivity problems on Cisco Firepower for a specific SGT. Which command allows the engineer to capture real packets that pass through the firewall using an SGT of 64?

Options:

capture CAP type inline-tag 64 match ip any any

capture CAP match 64 type inline-tag ip any any

capture CAP headers-only type inline-tag 64 match ip any any

capture CAP buffer 64 match ip any any

Question 31

An organization is implementing Cisco FTD using transparent mode in the network. Which rule in the default Access Control Policy ensures that this deployment does not create a loop in the network?

Options:

ARP inspection is enabled by default.

Multicast and broadcast packets are denied by default.

STP BPDU packets are allowed by default.

ARP packets are allowed by default.

Question 32

Which command must be run to generate troubleshooting files on an FTD?

Options:

system support view-files

sudo sf_troubleshoot.pl

system generate-troubleshoot all

show tech-support

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation: