ExamGecko
Search Search Login
Home Home / Cisco / 300-710

Cisco 300-710 Practice Test - Questions Answers, Page 10

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An engineer must integrate a thud-party security Intelligence teed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2 3 and has 8 GB of memory. Which two actions must be taken to implement Throat Intelligence Director? (Choose two.)
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
What is the difference between inline and inline tap on Cisco Firepower?
What is a result of enabling Cisco FTD clustering?
A network engineer must configure an existing firewall to have a NAT configuration. The now configuration must support more than two interlaces per context. The firewall has previously boon operating transparent mode. The Cisco Secure Firewall Throat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
An engineer has been tasked with performing an audit of network projects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense Cisco Secure firewall ASA, and Meraki MX Series) deployed throughout the company Which tool will assist the engineer in performing that audit?
A software development company hosts the website http:dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site. Which type of policy must be able associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?
An engineer is troubleshooting an intermittent connectivity issue on a Cisco Secure Firewall Threat Defense appliance and must collect 24 hours' worth of data. The engineer started a packet capture. Whenever it stops prematurely during this time period. The engineer notices that the packet capture butter size is set to the default of 32 MB Which butter S170 is the maximum that the engineer must sot to able the packet capture to run successfully?
Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

Question 91

Report
Export
Collapse

An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass Which default policy should be used?

A.

Maximum Detection

A.

Maximum Detection

Answers
B.

Security Over Connectivity

B.

Security Over Connectivity

Answers
C.

Balanced Security and Connectivity

C.

Balanced Security and Connectivity

Answers
D.

Connectivity Over Security

D.

Connectivity Over Security

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-intrusion.html

Question 92

Report
Export
Collapse

An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10 10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?

A.

Delete and reregister the device to Cisco FMC

A.

Delete and reregister the device to Cisco FMC

Answers
B.

Update the IP addresses from IFV4 to IPv6 without deleting the device from Cisco FMC

B.

Update the IP addresses from IFV4 to IPv6 without deleting the device from Cisco FMC

Answers
C.

Format and reregister the device to Cisco FMC.

C.

Format and reregister the device to Cisco FMC.

Answers
D.

Cisco FMC does not support devices that use IPv4 IP addresses.

D.

Cisco FMC does not support devices that use IPv4 IP addresses.

Answers
Suggested answer: A

Question 93

Report
Export
Collapse

A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

A.

utilizing policy inheritance

A.

utilizing policy inheritance

Answers
B.

utilizing a dynamic ACP that updates from Cisco Talos

B.

utilizing a dynamic ACP that updates from Cisco Talos

Answers
C.

creating a unique ACP per device

C.

creating a unique ACP per device

Answers
D.

creating an ACP with an INSIDE_NET network object and object overrides

D.

creating an ACP with an INSIDE_NET network object and object overrides

Answers
Suggested answer: D

Question 94

Report
Export
Collapse

An engineer is troubleshooting application failures through a FTD deployment. While using the FMC CLI. it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?

A.

Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly

A.

Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly

Answers
B.

Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly

B.

Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly

Answers
C.

Use the system support firewall-engine-dump-user-f density-data command to change the policy and allow the application through the firewall.

C.

Use the system support firewall-engine-dump-user-f density-data command to change the policy and allow the application through the firewall.

Answers
D.

Use the system support network-options command to fine tune the policy.

D.

Use the system support network-options command to fine tune the policy.

Answers
Suggested answer: A

Question 95

Report
Export
Collapse

An administrator is attempting to remotely log into a switch in the data centre using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

A.

by running Wireshark on the administrator's PC

A.

by running Wireshark on the administrator's PC

Answers
B.

by performing a packet capture on the firewall.

B.

by performing a packet capture on the firewall.

Answers
C.

by running a packet tracer on the firewall.

C.

by running a packet tracer on the firewall.

Answers
D.

by attempting to access it from a different workstation.

D.

by attempting to access it from a different workstation.

Answers
Suggested answer: B

Question 96

Report
Export
Collapse

What is the advantage of having Cisco Firepower devices send events to Cisco Threat response via the security services exchange portal directly as opposed to using syslog?

A.

Firepower devices do not need to be connected to the internet.

A.

Firepower devices do not need to be connected to the internet.

Answers
B.

All types of Firepower devices are supported.

B.

All types of Firepower devices are supported.

Answers
C.

Supports all devices that are running supported versions of Firepower

C.

Supports all devices that are running supported versions of Firepower

Answers
D.

An on-premises proxy server does not need to set up and maintained

D.

An on-premises proxy server does not need to set up and maintained

Answers
Suggested answer: D

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/CTR/Firepower_and_Cisco_Threat_Response_Integration_Guide.pdf

Question 97

Report
Export
Collapse


An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addresses globally in the quickest way possible and with the least amount of impact?

A.

by denying outbound web access

A.

by denying outbound web access

Answers
B.

Cisco Talos will automatically update the policies.

B.

Cisco Talos will automatically update the policies.

Answers
C.

by Isolating the endpoint

C.

by Isolating the endpoint

Answers
D.

by creating a URL object in the policy to block the website

D.

by creating a URL object in the policy to block the website

Answers
Suggested answer: D

Question 98

Report
Export
Collapse

An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?

A.

identity

A.

identity

Answers
B.

Intrusion

B.

Intrusion

Answers
C.

Access Control

C.

Access Control

Answers
D.

Prefilter

D.

Prefilter

Answers
Suggested answer: C

Explanation:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migrationguide/ASA2FTD-with-FP-Migration-Tool/b_Migration_Guide_ASA2FTD_chapter_01011.html

Question 99

Report
Export
Collapse

Which two routing options are valid with Cisco FTD? (Choose Two)

A.

BGPv6

A.

BGPv6

Answers
B.

ECMP with up to three equal cost paths across multiple interfaces

B.

ECMP with up to three equal cost paths across multiple interfaces

Answers
C.

ECMP with up to three equal cost paths across a single interface

C.

ECMP with up to three equal cost paths across a single interface

Answers
D.

BGPv4 in transparent firewall mode

D.

BGPv4 in transparent firewall mode

Answers
E.

BGPv4 with nonstop forwarding

E.

BGPv4 with nonstop forwarding

Answers
Suggested answer: A, C

Explanation:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-configguide-v601/fpmc-config-guide-v60_chapter_01100011.html#ID-2101-0000000e

Question 100

Report
Export
Collapse

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?

A.

switch virtual

A.

switch virtual

Answers
B.

bridge group member

B.

bridge group member

Answers
C.

bridge virtual

C.

bridge virtual

Answers
D.

subinterface

D.

subinterface

Answers
Suggested answer: C

Explanation:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide-v64/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

Total 326 questions
Go to page: of 33
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms