Cisco FMC and ISE Integration Quiz

Questions and Answers

Which connector is required for the integration of Cisco ISE with Cisco FMC for Rapid Threat Containment?

pxGrid (correct)

FTD RTC

ISEGrid

FMC RTC

What is the maximum SHA level of filtering supported by Threat Intelligence Director?

SHA-512

SHA-4096

SHA-1024

SHA-256 (correct)

Which protocol is essential for exchanging threat details during rapid threat containment on Cisco FMC?

SNMP v3

BFD

pxGrid (correct)

SGT

Which statement about correlation policy configuration in Cisco Firepower Management Center is correct?

Adding a host profile qualification is permitted for rules triggered by malware events.

What happens to existing connections if the master unit fails in Cisco FTD clustering?

All connections are maintained by the newly elected master unit.

What is a key feature of self-signed certificates in Cisco FMC configuration with ISE?

They facilitate pxGrid node operation.

Which statement about the functionality of Cisco FMC in high availability scenarios is true?

Failover does not affect ongoing connections.

What is the function of the FMC when it comes to automated device registration?

It tracks and manages device registrations automatically.

What is the correct action to take when traffic is being automatically allowed without inspection?

Modify the rule action from trust to allow

What configuration should be implemented in Cisco FMC to analyze files for viruses on a sandbox system?

Dynamic analysis

In the context of network discovery policies, what adjustment can help reduce misleading events caused by NAT devices performing multiple OS updates?

Exclude load balancers and NAT devices

If an administrator notices failed deployment messages in Cisco FMC when configuring SNORT inspection policies, what could be a potential cause?

Insufficient system resources

What characterizes an 'Allow' rule in Cisco FMC?

It detects prohibited files and blocks them

Which strategy should be avoided when configuring network discovery policies to minimize event overload?

Including all types of network devices

When implementing dynamic analysis in Cisco FMC, which aspect is most critical?

Evaluating files in a controlled environment

What is the consequence of modifying the rule action from trust to allow in Cisco FMC?

Non-prohibited traffic may flow without restriction

Which option correctly describes the maintenance of VPN connections during the election of a new master unit?

Only existing connections are maintained.

Which statements are true about bridge-group interfaces in Cisco FTD? (Select two)

Bridge groups are supported in both transparent and routed firewall modes.

Which command is used on an FTD unit to associate it with an FMC manager at the IP address 10.0.0.10?

configure manager add 10.0.0.10 Cisco123

Which two actions can be used in an access control policy rule? (Select two)

Monitor

Which two routing options are valid with Cisco Firepower Threat Defense? (Select two)

BGPv6

What is expected when a new master unit is elected in the context of VPN connections?

Established connections will remain active.

Which statement regarding bridge groups is incorrect?

Only two bridge groups can be configured.

Which command format is correct for adding an FTD unit to an FMC?

configure manager add 10.0.0.10 Cisco123

What is the primary concern when security is prioritized over connectivity in Cisco Firepower?

It enables most rules to be activated.

Which approach should be taken to enable inspection for traffic when using Cisco Firepower?

Redirect interesting traffic to the intrusion engine.

In a scenario where a network analysis policy (NAP) is utilized, what is its primary function?

To preprocess and decode traffic.

In order to ensure minimal downtime during an upgrade of Cisco FMC managed devices, what should be prioritized?

Maintaining a current configuration backup.

What should be done to handle protocol anomalies using Snort rule sets on Cisco Firepower?

Modify the network analysis policy for packet processing.

When managing a hospital network's Cisco FMC devices, what is a critical step in the disaster recovery process?

Performing regular backups of critical configurations.

Which of the following states should be avoided when using Cisco Firepower for maximum detection?

Monitoring network anomalies only in labs.

What is an effect of having no rules active in a Cisco Firepower setup?

Acts as a default template for future configurations.

What is the primary role of Integrated Routing and Bridging (IRB)?

To enable multiple physical interfaces to be part of the same VLAN

Where can thresholding settings be configured?

Globally, within the network analysis policy

Which of the following accurately describes how access control policies operate on a Cisco Firepower system?

They interrupt traffic inspection when configurations change

Which function does Cisco AMP Threat Grid primarily serve?

Automated malware analysis

What is a consequence of deploying configuration changes in a Cisco Firepower system?

Traffic inspection can be interrupted temporarily

In an intrusion policy configuration, thresholds can be set for which of the following?

Per IPS shared object, standard text, or preprocessor rule

Which of the following methods is NOT a way access control policies can operate?

Conducting user authentication via biometrics

What is a primary reason for configuring thresholds in network analysis?

To define how often events from specific sources are logged

What impact does daylight saving time (DST) have on scheduled tasks in the system?

Tasks scheduled for 2:00 AM during standard time will run at 3:00 AM during DST.

What should be done to resolve the issue of SI events not updating in the Cisco FTD device?

Redeploy configurations to the affected devices to allocate additional memory.

What is the primary function of configuring the system clock settings to use NTP?

To synchronize the device time with external time servers.

Which rule type is necessary to limit access to a specific website while preventing access to others?

An access control policy rule allowing traffic only on specific ports.

If a task is scheduled for 2:00 AM during standard time, when will it run during daylight saving time?

3:00 AM during daylight saving time.

In what situation is it suggested to replace the Cisco FTD devices?

If the devices are consistently unable to process traffic due to memory limitations.

Which IP address should be allowed in the access control rule to fix access to a specific website?

172.1.1.50 only for port 443.

What is a potential consequence of not properly configuring NTP on the Cisco Firepower Management Center?

Scheduled tasks may run at unexpected times.

Study Notes

Cisco 300-710 Exam Notes

• Vendor: Cisco
• Exam Code: 300-710
• Exam Name: Securing Networks with Cisco Firepower (SNCF)
• Version: 23.111

CLI Commands

• QUESTION 1: system support ssl-client-hello-tuning is used to control special handling of ClientHello messages.
• QUESTION 2: configure high-availability suspend at the CLI temporarily stops high-availability on the primary Cisco FTD unit. Choosing "disable" permanently breaks high availability.
• QUESTION 3: system generate-troubleshoot all generates troubleshooting files on an FTD.

Troubleshooting Files

• Cisco FTDs use sudo sf_troubleshoot.pl or system generate-troubleshoot all to create troubleshooting logs. Detailed instructions are provided on the PassLeader documents.

Packet Capture

• QUESTION 4: Troubleshooting files generated with packet captures often require a specific file size command option. If packets exceed 32 MB, you might encounter issues.
• Packet capture file management should be considered when troubleshooting configurations.

Port Objects

• QUESTION 5: Port objects in Cisco FMC have a crucial role: representing protocols beyond just TCP, UDP, and ICMP.

Widgets

• QUESTION 6: Within the Cisco Firepower Management Center, widgets are managed on the dashboard.

Port Requirements & Communication

• QUESTION 7: To validate communication with a cloud service, certain port requirements on the Firepower Management Center must be verified. The required ports are TCP 443 and TCP 80.

HTTPS Certificates

• QUESTION 8: The maximum bit size for HTTPS certificates supported by Cisco FMC is 4096.

Multidomain Environment Limitations

• QUESTION 9: Limitations exist for dashboards in Cisco FMC's multidomain environment. Child domains primarily can view dashboards from ancestor domains, but cannot modify them

Description

Test your knowledge on the integration of Cisco Identity Services Engine (ISE) with Cisco Firepower Management Center (FMC) for Rapid Threat Containment. This quiz covers key protocols, filtering levels, and configuration policies relevant to network security. Perfect for IT professionals working with Cisco systems!