Cisco 300-710 Practice Test - Questions Answers, Page 18
Question list
List of questions
Related questions
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy.
There is a requirement to present the internal IP subnet to the outside as a different IP address.
What must be configured to meet these requirements?
Configure the downstream router to perform NAT.
Configure the upstream router to perform NAT.
Configure the Cisco FTD firewall in routed mode with NAT enabled.
Configure the Cisco FTD firewall in transparent mode with NAT enabled.
Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)
Cisco ASA 5500 Series
Cisco FMC
Cisco AMP
Cisco Stealthwatch
Cisco ASR 7200 Series
An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?
An API restriction within the Cisco FMC is preventing the widget from displaying.
The widget is configured to display only when active events are present.
The widget is not configured within the Cisco FMC.
The security analyst role does not have permission to view this widget.
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80.
Which configuration change is needed?
The intrusion policy must be disabled for port 80.
The access policy rule must be configured for the action trust.
The NAT policy must be modified to translate the source IP address as well as destination IP address.
The access policy must allow traffic to the internal web server IP address.
An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?
Add a separate tab.
Adjust policy inheritance settings.
Add a separate widget.
Create a copy of the dashboard.
An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?
Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.
Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.
Use the packet tracer tool to determine at which hop the packet is being dropped.
Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
utilizing a dynamic Access Control Policy that updates from Cisco Talos
utilizing policy inheritance
creating a unique Access Control Policy per device
creating an Access Control Policy with an INSIDE_NET network object and object overrides
An engineer runs the command restore remote-manager-backup location 2.2.2.2 admin /Volume/home/admin FTD408566513.zip on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file.
What is the reason for this failure?
The backup file is not in .cfg format.
The wrong IP address is used.
The backup file extension was changed from .tar to .zip.
The directory location is incorrect.
A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?
Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.
Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.
There is a host limit set.
The user agent status is set to monitor.
An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see the Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?
Use the verbose option as a part of the capture-traffic command
Use the capture command and specify the trace option to get the required information.
Specify the trace using the -T option after the capture-traffic command.
Perform the trace within the Cisco FMC GUI instead of the Cisco FTD CLI.
Question