Cisco 300-710 Dumps

Total 385 questions

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 1

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Options:

A.

Create a firewall rule to allow CDP traffic.

B.

Create a bridge group with the firewall interfaces.

C.

Change the firewall mode to transparent.

D.

Change the firewall mode to routed.

Question 2

Refer to the exhibit.

An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue?

Options:

A.

Modify the selected application within the rule

B.

Change the intrusion policy to connectivity over security.

C.

Modify the rule action from trust to allow

D.

Add the social network URLs to the block list

Question 3

An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?

Options:

A.

Use the host filter in the packet capture to capture traffic to or from a specific host.

B.

Redirect the packet capture output to a .pcap file that can be opened with Wireshark.

C.

Use the -c option to restrict the packet capture to only the first 100 packets.

D.

Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

Question 4

A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. After the initial configuration of the two appliances, which two steps must be taken to proceed with the redundancy configuration? (Choose two.)

Options:

A.

Configure the virtual MAC address on the failover link.

B.

Disable hellos on the inside interface.

C.

Configure the standby IP addresses.

D.

Ensure the high availability license is enabled.

E.

Configure the failover link with stateful properties.

Question 5

What is a result of enabling Cisco FTD clustering?

Options:

A.

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

B.

Integrated Routing and Bridging is supported on the master unit.

C.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

D.

All Firepower appliances can support Cisco FTD clustering.

Question 6

Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?

Options:

A.

fpcollect

B.

dhclient

C.

sfmgr

D.

sftunnel

Question 7

Refer to the exhibit.

A company is deploying a pair of Cisco Secure Firewall Threat Defense devices named FTD1 and FTD2. FTD1 and FTD2 have been configured as an active/standby pair with a failover link but without a stateful link. What must be implemented next to ensure that users on the internal network still communicate with outside devices if FTD1 fails?

Options:

A.

Disable port security on the switch interfaces connected to FTD1 and FTD2.

B.

Set maximum secured addresses to two on the switch interfaces on FTD1 and FTD2.

C.

Connect and configure a stateful link and then deploy the changes.

D.

Configure the spanning-tree PortFast feature on SW1 and FTD2.

Question 8

A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?

Options:

A.

Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC.

B.

Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC, configure cluster members in Cisco FMC, create cluster in Cisco FMC, and configure cluster members in Cisco FMC.

C.

Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC, and create the cluster in Cisco FMC.

D.

Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC.

Question 9

Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?

Options:

A.

Child domains can view but not edit dashboards that originate from an ancestor domain.

B.

Child domains have access to only a limited set of widgets from ancestor domains.

C.

Only the administrator of the top ancestor domain can view dashboards.

D.

Child domains cannot view dashboards that originate from an ancestor domain.

Question 10

Which Cisco Rapid Threat Containment mitigation action is enabled by integrating pxGrid Adaptive Network Control with Cisco ISE and Cisco Secure Firewall Management Center?

Options:

A.

Block

B.

Terminate

C.

Suspend

D.

Reject

Question 11

While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?

Options:

A.

passive

B.

transparent

C.

Inline tap

D.

Inline set

Question 12

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

Options:

A.

/etc/sf/DCMIB.ALERT

B.

/sf/etc/DCEALERT.MIB

C.

/etc/sf/DCEALERT.MIB

D.

system/etc/DCEALERT.MIB

Question 13

Refer to the exhibit. An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through the firewall. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is the problem?

Options:

A.

The rule must specify the security zone that originates the traffic

B.

The rule must define the source network for inspection as well as the port

C.

The action of the rule is set to trust instead of allow.

D.

The rule is configured with the wrong setting for the source port

Question 14

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

Options:

A.

utilizing a dynamic Access Control Policy that updates from Cisco Talos

B.

utilizing policy inheritance

C.

creating a unique Access Control Policy per device

D.

creating an Access Control Policy with an INSIDE_NET network object and object overrides

Question 15

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

Options:

A.

pxGrid

B.

FTD RTC

C.

FMC RTC

D.

ISEGrid

Question 16

What is the role of realms in the Cisco ISE and Cisco FMC integration?

Options:

A.

AD definition

B.

TACACS+ database

C.

Cisco ISE context

D.

Cisco Secure Firewall VDC

Question 17

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

Options:

A.

system support firewall-engine-debug

B.

system support ssl-debug

C.

system support platform

D.

system support dump-table

Question 18

Which two solutions are used to access and view aggregated log data from the firewalls using Cisco Security Analytics and Logging? (Choose two.)

Options:

A.

Cisco Secure Network Analytics

B.

Cisco Defense Orchestrator

C.

Cisco Catalyst Center

D.

Secure Cloud Analytics

E.

Cisco Prime Infrastructure

Question 19

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

Options:

A.

Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

B.

Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

C.

There is a host limit set.

D.

The user agent status is set to monitor.

Question 20

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

Options:

A.

controller

B.

publisher

C.

client

D.

server

Question 21

In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?

Options:

A.

minor upgrade

B.

local import of intrusion rules

C.

Cisco Geolocation Database

D.

local import of major upgrade

Question 22

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

Options:

A.

Add the hash to the simple custom deletion list.

B.

Use regular expressions to block the malicious file.

C.

Enable a personal firewall in the infected endpoint.

D.

Add the hash from the infected endpoint to the network block list.

Question 23

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

Options:

A.

Malware Report

B.

Host Report

C.

Firepower Report

D.

Network Report

Question 24

What is the maximum SHA level of filtering that Threat Intelligence Director supports?

Options:

A.

SHA-1024

B.

SHA-4096

C.

SHA-512

D.

SHA-256

Question 25

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

Options:

A.

Enable Inspect Local Router Traffic

B.

Enable Automatic Application Bypass

C.

Configure Fastpath rules to bypass inspection

D.

Add a Bypass Threshold policy for failures

Question 26

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?

Options:

A.

prefilter

B.

intrusion

C.

identity

D.

URL filtering

Question 27

An engineer is setting up a new Cisco Secure Firewall Threat Defense appliance to replace the current firewall. The company requests that inline sets be used and that when one interface in an inline set goes down, the second interface in the inline set goes down. What must the engineer configure to meet the deployment requirements?

Options:

A.

strict TCP enforcement

B.

propagate link state

C.

Snort fail open

D.

inline tap mode

Question 28

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

Options:

A.

The units must be the same version

B.

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

C.

The units must be different models if they are part of the same series.

D.

The units must be configured only for firewall routed mode.

E.

The units must be the same model.

Question 29

An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?

Options:

A.

Add a separate tab.

B.

Adjust policy inheritance settings.

C.

Add a separate widget.

D.

Create a copy of the dashboard.

Question 30

Which component simplifies incident investigation with Cisco Threat Response?

Options:

A.

Cisco AMP client

B.

local CVE database

C.

Cisco Secure Firewall appliance

D.

browser plug-in

Question 31

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two).

Options:

A.

The Cisco FMC needs to include a SSL decryption policy.

B.

The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

C.

The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

D.

The Cisco FMC needs to connect with the FireAMP Cloud.

E.

The Cisco FMC needs to include a file inspection policy for malware lookup.

Question 32

An administrator is configuring a transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the FTD is not processing the traffic. What is the problem?

Options:

A.

The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.

B.

The FTD must be configured with an ERSPAN port, not a passive port.

C.

The FTD must be in routed mode to process ERSPAN traffic.

D.

The switches were not set up with a monitor session ID that matches the flow ID defined on the FTD.

Question 33

An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?

Options:

A.

by denying outbound web access

B.

Cisco Talos will automatically update the policies.

C.

by isolating the endpoint

D.

by creating a URL object in the policy to block the website

Question 34

An engineer is configuring URL filtering for a Cisco Secure Firewall Threat Defense device in Cisco Secure Firewall Management Center. Users must receive a warning when they access www.badadultsite.com with the option of continuing to the website if they choose to. No other websites should be blocked. Which two actions must the engineer take to meet these requirements?

Options:

A.

Configure an access control rule that matches a URL object for http://www.badadultsite.com and set the action to Interactive Block.

B.

On the HTTP Responses tab of the access control policy editor, set the Interactive Block Response Page to System-provided.

C.

Configure the default action for the access control policy to Interactive Block.

D.

On the HTTP Responses tab of the access control policy editor set the Block Response Page to Custom.

E.

Configure an access control rule that matches the Adult URL category and set the action to Interactive Block.

Question 35

An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMC. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

Options:

A.

The backup file is not in .cfg format.

B.

The backup file is too large for the Cisco FTD device

C.

The backup file extension was changed from tar to zip

D.

The backup file was not enabled prior to being applied

Question 36

An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?

Options:

A.

Modify the custom detection list to exclude the custom application.

B.

Precalculate the hash value of the custom application and add it to the allowed applications.

C.

Configure the custom application to use the information-store paths.

D.

Add the custom application to the DFC list and update the policy.

Question 37

What is the result of specifying a QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

Options:

A.

The rate-limiting rule is disabled.

B.

Matching traffic is not rate limited.

C.

The system rate-limits all traffic.

D.

The system repeatedly generates warnings.

Question 38

An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

Options:

A.

Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies

B.

Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic

C.

Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.

D.

Tune the intrusion policies in order to allow the VPN traffic through without inspection

Question 39

A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?

Options:

A.

Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic.

B.

Modify the Snort rules to allow legitimate DNS traffic to the VPN users.

C.

Disable the intrusion rule thresholds to optimize the Snort processing.

D.

Decrypt the packet after the VPN flow so the DNS queries are not inspected

Question 40

An engineer must change the mode of a Cisco Secure Firewall Threat Defense (FTD) firewall in the Cisco Secure Firewall Management Center (FMC) inventory. The engineer must take these actions:

• Register Secure FTD with Secure FMC.

• Change the firewall mode.

• Deregister the Secure FTD device from Secure FMC.

How must the engineer take the actions?

Options:

A.

Reload the Secure FTD device.

B.

Configure the management IP address.

C.

Access the Secure FTD CLI from the console port.

D.

Erase the Secure FTD configuration

Question 41

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 0042 7734.103 to help troubleshoot a connectivity issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

Options:

A.

-nm src 192.168.100.100

B.

-ne src 192.168.100.100

C.

-w capture.pcap -s 1518 host 192.168.100.100 mac

D.

-w capture.pcap -s 1518 host 192.168.100.100 ether

Question 42

Which two actions can be used in an access control policy rule? (Choose two.)

Options:

A.

Block with Reset

B.

Monitor

C.

Analyze

D.

Discover

E.

Block ALL

Question 43

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair.

Which configuration must be changed before setting up the high availability pair?

Options:

A.

An IP address in the same subnet must be added to each Cisco FTD on the interface.

B.

The interface name must be removed from the interface on each Cisco FTD.

C.

The name Failover must be configured manually on the interface on each Cisco FTD.

D.

The interface must be configured as part of a LACP Active/Active EtherChannel.

Question 44

Refer to the exhibit.

What is the effect of the existing Cisco FMC configuration?

Options:

A.

The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.

B.

The managed device is deleted from the Cisco FMC.

C.

The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes a plain-text communication channel.

D.

The management connection between the Cisco FMC and the Cisco FTD is disabled.

Question 45

An engineer must create a basic access control policy in the Cisco Secure Firewall Management Center to block all traffic by default. Drag and drop the configuration actions from the left into sequence on the right.

Options:

Question 46

A network administrator is reviewing a monthly advanced malware risk report and notices a host that is listed as CnC Connected. Where must the administrator look within Cisco FMC to further determine if this host is infected with malware?

Options:

A.

Analysis > Hosts > Indications of Compromise

B.

Analysis > Files > Malware Events

C.

Analysis > Hosts > Host Attributes

D.

Analysis > Files > Network File Trajectory

Question 47

An engineer is implementing a new Cisco Secure Firewall. The firewall must filter traffic between the three subnets:

• LAN 192.168.101.0/24

• DMZ 192.168.200.0/24

• WAN 10.0.0.0/30

Which firewall mode must the engineer implement?

Options:

A.

transparent

B.

network

C.

routed

D.

gateway

Question 48

An engineer is configuring Cisco Security Devices by using Cisco Secure Firewall Management Center. Which configuration command must be run to compare the CA certificate bundle on the local system to the latest CA bundle from the Cisco server?

Options:

A.

configure cert-update compare

B.

configure cert-update auto-update enable

C.

configure cert-update run-now

D.

configure cert-update test

Question 49

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?

Options:

A.

inline tap monitor-only mode

B.

passive monitor-only mode

C.

passive tap monitor-only mode

D.

inline mode

Question 50

A network engineer must monitor threat events from the console of Cisco Secure Firewall Management Center. The engineer integrates the Cisco Secure Firewall Malware Defense in Secure Firewall Management Center. Which action must the engineer take next?

Options:

A.

Log in to Cisco Secure Endpoint, click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection, and add a Secure Firewall Malware Defense cloud connection to Secure FMC.

B.

Log in to Secure Endpoint, click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection, add a Secure Firewall Malware Defense cloud connection to Secure FMC, and select the Secure Firewall Malware Defense cloud for Secure Endpoint.

C.

Add a Secure Firewall Malware Defense cloud connection in Secure FMC, log in to Secure Endpoint, and click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection.

D.

Add a Secure Firewall Malware Defense cloud connection in Secure FMC, select the Secure Firewall Malware Defense cloud for Secure Endpoint, log in to Secure Endpoint, and click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection.

Question 51

A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?

Options:

A.

Use packet-tracer to ensure that traffic is not being blocked by an access list.

B.

Use packet capture to ensure that traffic is not being blocked by an access list.

C.

Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.

D.

Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

Question 52

Refer to the exhibit. A client that has IP address 192.168.67.102 reports issues when connecting to a remote server. Based on the topology and output of packet tracer tool, which action resolves the connectivity issue?

Options:

A.

Add the route to the destination.

B.

Unblock the access rule on FTDv.

C.

Restart the client-side application.

D.

Reconfigure NAT on FTDv.

Question 53

An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network.

The user is reporting that the file is not malicious.

Which action does the engineer take to identify the file and validate whether or not it is malicious?

Options:

A.

Identify the file in the intrusion events and submit it to Threat Grid for analysis.

B.

Use FMC file analysis to look for the file and select Analyze to determine its disposition.

C.

Use the context explorer to find the file and download it to the local machine for investigation.

D.

Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.

Question 54

With Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

Options:

A.

Redundant Interface

B.

EtherChannel

C.

Speed

D.

Media Type

E.

Duplex

Question 55

Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

Options:

A.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.

B.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

C.

No option to delete and re-add a device is available in the Cisco FMC web interface.

D.

The Cisco FMC web interface prompts users to re-apply access control policies.

E.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Question 56

When an engineer captures traffic on a Cisco FTD to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the captures this way is time-consuming and difficult to sort and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this type of analysis?

Options:

A.

NetFlow v9

B.

PCAP

C.

NetFlow v5

D.

IPFIX

Question 57

Network users experience issues when accessing a server on a different network segment. An engineer investigates the issue by performing packet capture on Cisco Secure Firewall Threat Defense. The engineer expects more data and suspects that not all the traffic was collected during a 15-minute captured session. Which action must the engineer take to resolve the issue?

Options:

A.

Forward the captured data to an FTP server.

B.

Increase the amount of RAM allocated for the capture.

C.

Provide a file name to save the data.

D.

Ensure that the allocated memory is sufficient.

Question 58

An engineer is deploying a Cisco Secure Firewall Management Center appliance. The company must send data to Cisco Secure Network Analytics appliances. Which two actions must the engineer take? (Choose two.)

Options:

A.

Configure Security Intelligence object to send data to Cisco Secure Network Analytics.

B.

Add the Netflow_Send_Destination object to the configuration.

C.

Add the Netflow_Add_Destination object to the configuration.

D.

Add the Netflow_Set_Parameters object to the configuration.

E.

Create a service identifier to enable the NetFlow service.

Question 59

A network engineer is deploying a Cisco Firepower 4100 appliance and must configure a multi-instance environment for high availability. Drag and drop the actions from the left into sequence on the right for this configuration.

Options:

Question 60

The CEO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries, URL category statistics, and the URL reputation statistics.

Which action must the administrator take to quickly produce this information for management?

Options:

A.

Run the Attack report and filter on DNS to show this information.

B.

Create a new dashboard and add three custom analysis widgets that specify the tables needed.

C.

Modify the Connection Events dashboard to display the information in a view for management.

D.

Copy the intrusion events dashboard tab and modify each widget to show the correct charts.

Question 61

A network administrator is migrating from a Cisco ASA to a Cisco FTD.

EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC.

Which action must the administrator take to enable this feature on the Cisco FTD?

Options:

A.

Configure EIGRP parameters using FlexConfig objects.

B.

Add the command feature eigrp via the FTD CLI.

C.

Create a custom variable set and enable the feature in the variable set.

D.

Enable advanced configuration options in the FMC.

Question 62

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

Options:

A.

FlexConfig

B.

BDI

C.

SGT

D.

IRB

Question 63

An administrator configures a Cisco Secure Firewall Threat Defense device in transparent mode. To configure the BVI (Bridge Virtual Interface), the administrator must:

• Add a bridge-group interface

• Configure a bridge-group ID

• Configure the bridge-group interface description

• Add bridge-group member interfaces

How must the engineer perform these actions?

Options:

A.

Configure a name for the bridge-group interface

B.

Set a security zone for the bridge-group interface

C.

Set the bridge-group interface mode to transparent

D.

Configure an IP address for the bridge-group interface

Question 64

An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

Options:

A.

Enable SSH and define an access list.

B.

Enable HTTP and define an access list.

C.

Enable SCP under the Access List section.

D.

Enable HTTPS and SNMP under the Access List section.

Question 65

Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.

Options:

Question 66

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?

Options:

A.

Modify the access control policy to redirect interesting traffic to the engine

B.

Modify the network discovery policy to detect new hosts to inspect

C.

Modify the network analysis policy to process the packets for inspection

D.

Modify the intrusion policy to determine the minimum severity of an event to inspect.

Question 67

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?

Options:

A.

switch virtual

B.

bridge group member

C.

bridge virtual

D.

subinterface

Question 68

A network administrator is implementing an active/passive high availability Cisco FTD pair.

When adding the high availability pair, the administrator cannot select the secondary peer.

What is the cause?

Options:

A.

The second Cisco FTD is not the same model as the primary Cisco FTD.

B.

A high availability license must be added to the Cisco FMC before adding the high availability pair.

C.

The failover link must be defined on each Cisco FTD before adding the high availability pair.

D.

Both Cisco FTD devices are not at the same software version.

Question 69

Network users are experiencing intermittent issues with internet access. An engineer identified that the issue is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

Options:

A.

Define an additional static NAT for the network object in use.

B.

Configure fallthrough to interface PAT on the Advanced tab.

C.

Convert the dynamic auto NAT rule to dynamic manual NAT.

D.

Add an identity NAT rule to handle the overflow of users.

Question 70

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

Options:

A.

in active/active mode

B.

in a cluster span EtherChannel

C.

in active/passive mode

D.

in cluster interface mode

Question 71

What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

Options:

A.

1024

B.

8192

C.

4096

D.

2048

Question 72

An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?

Options:

A.

The primary FMC currently has devices connected to it.

B.

The code versions running on the Cisco FMC devices are different

C.

The licensing purchased does not include high availability

D.

There is only 10 Mbps of bandwidth between the two devices.

Question 73

Which feature is supported by IRB on Cisco FTD devices?

Options:

A.

redundant interface

B.

dynamic routing protocol

C.

EtherChannel interface

D.

high-availability cluster

Question 74

An engineer must replace a Cisco Secure Firewall high-availability device due to a failure. When the replacement device arrives, the engineer must separate the high-availability pair from Cisco Secure Firewall Management Center. Which action must the engineer take first to restore high availability?

Options:

A.

Register the secondary device

B.

Force a break between the devices.

C.

Unregister the secondary device.

D.

Configure NTP time synchronization.

Question 75

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?

Options:

A.

Enable Threat Intelligence Director using STIX and TAXII

B.

Enable Rapid Threat Containment using REST APIs

C.

Enable Threat Intelligence Director using REST APIs

D.

Enable Rapid Threat Containment using STIX and TAXII

Question 76

A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?

Options:

A.

The malware license has not been applied to the Cisco FTD.

B.

The Cisco FMC cannot reach the Internet to analyze files.

C.

A file policy has not been applied to the access policy.

D.

Only Spero file analysis is enabled.

Question 77

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

Options:

A.

Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

B.

Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

C.

Deploy multiple Cisco FTD HA pairs to increase performance

D.

Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance

Question 78


Refer to the exhibit. A Cisco Secure Firewall Management Center, 7.0 device fails to receive intelligence feed updates. The Cisco Secure Firewall Management Center is configured to use a proxy server that performs SSL inspection. Which action allows the Cisco Secure Firewall Management Center device to download the intelligence feed updates?

Options:

A.

Install a self-signed certificate on the proxy server for intelligence.sourcefire.com.

B.

Verify that the proxy server can use HTTPS to communicate to the internet.

C.

Ensure that proxy authentication is disabled for the Cisco Secure Firewall Management Center device.

D.

Bypass the proxy server for intelligence.sourcefire.com.

Question 79

Which protocol establishes network redundancy in a switched Firepower device deployment?

Options:

A.

STP

B.

HSRP

C.

GLBP

D.

VRRP

Question 80

What is the RTC workflow when the infected endpoint is identified?

Options:

A.

Cisco ISE instructs Cisco AMP to contain the infected endpoint.

B.

Cisco ISE instructs Cisco FMC to contain the infected endpoint.

C.

Cisco AMP instructs Cisco FMC to contain the infected endpoint.

D.

Cisco FMC instructs Cisco ISE to contain the infected endpoint.

Question 81

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

Options:

A.

application blocking

B.

simple custom detection

C.

file repository

D.

exclusions

E.

application whitelisting

Question 82

A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?

Options:

A.

Create a new dashboard object via Object Management to represent the desired views.

B.

Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.

C.

Copy the Malware Report and modify the sections to pull components from other reports.

D.

Use the import feature in the newly created report to select which dashboards to add.

Question 83

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)

Options:

A.

Diagnostic

B.

EtherChannel

C.

BVI

D.

Physical

E.

Subinterface

Question 84

Which protocol is needed to exchange threat details in rapid threat containment on Cisco FMC?

Options:

A.

SGT

B.

SNMP v3

C.

BFD

D.

pxGrid

Question 85

When do you need the file-size command option during troubleshooting with packet capture?

Options:

A.

when capture packets are less than 16 MB

B.

when capture packets are restricted from the secondary memory

C.

when capture packets exceed 10 GB

D.

when capture packets exceed 32 MB

Question 86

An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?

Options:

A.

Confirm that both devices have the same port-channel numbering

B.

Confirm that both devices are running the same software version

C.

Confirm that both devices are configured with the same types of interfaces

D.

Confirm that both devices have the same flash memory sizes

Question 87

An engineer must configure high availability on two Cisco Secure Firewall Threat Defense appliances. Drag and drop the configuration steps from the left into the sequence on the right.


Options:

Question 88

An engineer must integrate a third-party security intelligence feed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2.3 and has 8 GB of memory. Which two actions must be taken to implement Threat Intelligence Director? (Choose two.)

Options:

A.

Enable REST API access.

B.

Add a TAXII server.

C.

Add the URL of the TAXII server.

D.

Upgrade to version 6.6.

E.

Add 7 GB of memory.

Question 89

While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

Options:

A.

investigate

B.

reporting

C.

enforcement

D.

REST

Question 90

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

Options:

A.

Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

B.

Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

C.

Use the packet tracer tool to determine at which hop the packet is being dropped.

D.

Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Question 91

Which default action setting in a Cisco FTD Access Control Policy allows all traffic from an undefined application to pass without Snort Inspection?

Options:

A.

Trust All Traffic

B.

Inherit from Base Policy

C.

Network Discovery Only

D.

Intrusion Prevention

Question 92

Refer to the exhibit.

A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

Options:

A.

Create an access control policy rule that allows ICMP traffic.

B.

Configure a custom Snort signature to allow ICMP traffic after Inspection.

C.

Modify the Snort rules to allow ICMP traffic.

D.

Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.

Question 93

Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)

Options:

A.

Cisco ASA 5500 Series

B.

Cisco FMC

C.

Cisco AMP

D.

Cisco Stealthwatch

E.

Cisco ASR 7200 Series

Question 94

An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?

Options:

A.

multiple deployment

B.

single-context

C.

single deployment

D.

multi-instance

Question 95

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

Options:

A.

Use regular expressions to block the malicious file.

B.

Add the hash from the infected endpoint to the network block list.

C.

Add the hash to the simple custom detection list.

D.

Enable a personal firewall in the infected endpoint.

Question 96

Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

Options:

A.

Cisco Firepower Threat Defense mode

B.

transparent mode

C.

routed mode

D.

integrated routing and bridging

Question 97

An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue on a Secure Firewall Threat Defense device. When the engineer navigates to the URL for Secure Firewall Management Center at:

../capture/CAP/pcap/sample.pcap

the engineer receives a 403: Forbidden error instead of being provided with the PCAP file. Which action resolves the issue?

Options:

A.

Disable the HTTPS server and use HTTP.

B.

Enable the proxy setting in the device platform policy.

C.

Enable HTTPS in the device platform policy.

D.

Disable the proxy setting on the client browser.

Question 98

A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?

Options:

A.

Enable the FXOS for multi-instance.

B.

Configure a prefilter policy.

C.

Configure modular policy framework.

D.

Disable TCP inspection.

Question 99

Refer to the exhibit.


An engineer generates troubleshooting files in Cisco Secure Firewall Management Center (FMC). A successfully completed task is removed before the files are downloaded. Which two actions must be taken to determine the filename and obtain the generated troubleshooting files without regenerating them? (Choose two.)

Options:

A.

Use an FTP client in expert mode on Secure FMC to upload the files to the FTP server.

B.

Go to the same screen as shown in the exhibit, click Advanced Troubleshooting, enter the file name, and then start the download.

C.

Connect to CLI on the FTD67 and FTD66 devices and copy the files from flash to the FTP server.

D.

Go to expert mode on Secure FMC, list the contents of /var/common, and determine the correct filename from the output.

E.

Click System Monitoring, then Audit to determine the correct filename from the line containing the Generate Troubleshooting Files string.

Question 100

An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?

Options:

A.

IPsec

B.

SSH

C.

SSL

D.

MACsec

Question 101

An engineer is reviewing an existing custom server fingerprint on a Cisco Secure Firewall because the current information is inaccurate. Which action must the engineer take to improve the accuracy of the network discovery rules?

Options:

A.

Exclude the IP address that is used to communicate with the monitored host.

B.

Exclude the ports that must be skipped.

C.

Add NetFlow monitoring for the network segment.

D.

Set one common rule to override the reports in the multidomain environment.

Question 102

An engineer must implement Cisco Secure Firewall transparent mode due to a new server recently being added that must communicate with an existing server that is currently separated by the firewall. Which implementation action must be taken next by the engineer to accomplish the goal?

Options:

A.

Enable both servers to share the same VXLAN segment.

B.

Configure the same default gateway for both servers.

C.

Ensure that both servers are in the same bridge domain.

D.

Assign the same subnet to both servers.

Question 103

On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

Options:

A.

transparent inline mode

B.

TAP mode

C.

strict TCP enforcement

D.

propagate link state

Question 104

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

Options:

A.

configure coredump packet-engine enable

B.

capture-traffic

C.

capture

D.

capture WORD

Question 105

Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic?

Options:

A.

intrusion and file events

B.

Cisco AMP for Endpoints

C.

Cisco AMP for Networks

D.

file policies

Question 106

A network administrator is configuring a transparent Cisco Secure Firewall Threat Defense registered to a Cisco Secure Firewall Management Center. The administrator wants to configure the Secure Firewall Threat Defense to allow ARP traffic to pass between two interfaces of a bridge group. What must be configured?

Options:

A.

Use the default configuration on the devices.

B.

An access policy must allow MAC address FFFF.FFFF.FFFF.

C.

ARP inspection must be disabled.

D.

An access policy must allow MAC address 0100.0CCC.CCCD.

Question 107

An engineer is configuring Cisco Secure Firewall Threat Defense managed by a Secure Firewall Management Center appliance. The company wants remote access VPN users to be reachable from the inside network. What must the engineer configure to meet the requirements?

Options:

A.

manual NAT exemption rule at the top of the NAT policy

B.

manual NAT exemption rule at the bottom of the NAT policy

C.

auto NAT exemption rule at the top of the NAT policy

D.

auto NAT exemption rule at the bottom of the NAT policy

Question 108

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

Options:

A.

Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.

B.

The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.

C.

Allows traffic inspection to continue without interruption during the Snort process restart.

D.

The interfaces are automatically configured as a media-independent interface crossover.

Question 109

Which report template field format is available in Cisco FMC?

Options:

A.

box lever chart

B.

arrow chart

C.

bar chart

D.

benchmark chart

Question 110

Which firewall mode is Cisco Secure Firewall Threat Defense in when two physical interfaces are assigned to a named BVI?

Options:

A.

Routed

B.

Transparent

C.

In-line

D.

IPS only

Question 111

Which interface type allows packets to be dropped?

Options:

A.

passive

B.

inline

C.

ERSPAN

D.

TAP

Question 112

An engineer must integrate a third-party security intelligence feed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2.3 and has 8 GB of memory. Which two actions must be taken to implement Threat Intelligence Director? (Choose two.)

Options:

A.

Upgrade to version 6.6.

B.

Enable REST API access.

C.

Add the URL of the TAXII server.

D.

Add 7 GB of memory.

E.

Add a TAXII server

Question 113

Which feature sets up multiple interfaces on a Cisco Secure Firewall Threat Defense to be on the same subnet?

Options:

A.

EtherChannel

B.

SVI

C.

BVI

D.

security levels

Question 114

A network engineer is planning on replacing an Active/Standby pair of physical Cisco Secure Firewall ASAs with a pair of Cisco Secure Firewall Threat Defense Virtual appliances. Which two virtual environments support the current High Availability configuration? (Choose two.)

Options:

A.

KVM

B.

Azure

C.

ESXi

D.

AWS

E.

Openstack

Question 115

What is a feature of Cisco AMP private cloud?

Options:

A.

It supports anonymized retrieval of threat intelligence

B.

It supports security intelligence filtering.

C.

It disables direct connections to the public cloud.

D.

It performs dynamic analysis
