Cisco 300-710 Practice Test - Questions Answers, Page 5
Question list
List of questions
Related questions
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 applicationprotocols.
reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country
network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
reputation-based objects, such as URL categories
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?
A manual NAT exemption rule does not exist at the top of the NAT table.
An external NAT IP address is not configured.
An external NAT IP address is configured to match the wrong interface.
An object NAT exemption rule does not exist at the top of the NAT table.
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?
The interfaces are being used for NAT for multiple networks.
The administrator is adding interfaces of multiple types.
The administrator is adding an interface that is in multiple zones.
The interfaces belong to multiple interface groups.
An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?
Modify the Cisco ISE authorization policy to deny this access to the user.
Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.
Add the unknown user in the Access Control Policy in Cisco FTD.
Add the unknown user in the Malware & File Policy in Cisco FTD.
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
An engineer is using the configure manager add <FMC IP> Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why Is this occurring?
The NAT ID is required since the Cisco FMC is behind a NAT device.
The IP address used should be that of the Cisco FTD. not the Cisco FMC.
DONOTRESOLVE must be added to the command
The registration key is missing from the command
An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?
interface-based VLAN switching
inter-chassis clustering VLAN
integrated routing and bridging
Cisco ISE Security Group Tag
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time.
What configuration change must be made to alleviate this issue?
Leave default networks.
Change the method to TCP/SYN.
Increase the number of entries on the NAT device.
Exclude load balancers and NAT devices.
An organization does not want to use the default Cisco Firepower block page when blocking HTTPtraffic. The organization wants to include information about its policies and procedures to helpeducate the users whenever a block occurs.
Which two steps must be taken to meet theserequirements? (Choose two.)
Modify the system-provided block page result using Python.
Create HTML code with the information for the policies and procedures.
Edit the HTTP request handling in the access control policy to customized block.
Write CSS code with the information for the policies and procedures.
Change the HTTP response in the access control policy to custom.
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.
Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.
Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.
Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.
Question