Cisco 300-710 Exam Questions and Answers PDF

Summary

This Cisco 300-710 exam practice questions and answers document covers various aspects of securing networks with Cisco Firepower. It includes questions on CLI commands, high-availability configuration, troubleshooting, and other related topics. The document also provides explanations and links to further resources related to the practice questions.

Full Transcript

Vendor: Cisco Exam Code: 300-710 Exam Name: Securing Networks with Cisco Firepower (SNCF) Version: 23.111 QUESTION 1 Which CLI command is used to control special handling of ClientHello messages? A. system support ssl-client-hello-tuning B....

Vendor: Cisco Exam Code: 300-710 Exam Name: Securing Networks with Cisco Firepower (SNCF) Version: 23.111 QUESTION 1 Which CLI command is used to control special handling of ClientHello messages? A. system support ssl-client-hello-tuning B. system support ssl-client-hello-display C. system support ssl-client-hello-force-reset D. system support ssl-client-hello-reset Answer: A QUESTION 2 Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability? A. configure high-availability resume B. configure high-availability disable C. system support network-options D. configure high-availability suspend Answer: D Explanation: If you choose disable, you will PERMANENTLY break the high availability connection. The keyword here is "TEMPORARILY". https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699- configure-ftd-high-availability-on-firep.html QUESTION 3 Which command must be run to generate troubleshooting files on an FTD? A. system support view-files B. sudo sf_troubleshoot.pl C. system generate-troubleshoot all D. show tech-support Answer: C Explanation: Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 2 https://www.passleader.com/ https://www.cisco.com/c/en/us/support/docs/security/sourcefire-defense-center/117663-technote- SourceFire-00.html QUESTION 4 When do you need the file-size command option during troubleshooting with packet capture? A. when capture packets are less than 16 MB B. when capture packets are restricted from the secondary memory C. when capture packets exceed 10 GB D. when capture packets exceed 32 MB Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/troubleshooting_the_system.html QUESTION 5 What is a functionality of port objects in Cisco FMC? A. to mix transport protocols when setting both source and destination port conditions in a rule B. 
to represent protocols other than TCP, UDP, and ICMP C. to represent all protocols in the same way D. to add any protocol other than TCP or UDP for source port conditions in access control rules. Answer: B Explanation: A port object can represent other protocols that do not use ports. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/reusable_objects.html https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config- guide-v63/reusable_objects.html#ID-2243-00000364 Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 3 https://www.passleader.com/ QUESTION 6 Within Cisco Firepower Management Center, where does a user add or modify widgets? A. dashboard B. reporting C. context explorer D. summary tool Answer: A Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Using_Dashboards.html QUESTION 7 A network engineer is configuring URL Filtering on Firepower Threat Defense. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.) A. outbound port TCP/443 B. inbound port TCP/80 C. outbound port TCP/8080 D. inbound port TCP/443 E. outbound port TCP/80 Answer: AE Explanation: https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852- technote-firesight-00.html https://community.cisco.com/t5/security-documents/ftd-url-filtering-how-it-works/ta-p/3347292 QUESTION 8 What is the maximum bit size that Cisco FMC supports for HTTPS certificates? A. 1024 B. 8192 C. 4096 D. 2048 Answer: C Explanation: Since version 6.2 (incl) all FMC versions supports 4096 HTTPS Certificates. 
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config- guide-v61/system_configuration.html QUESTION 9 Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment? A. Child domains can view but not edit dashboards that originate from an ancestor domain. B. Child domains have access to only a limited set of widgets from ancestor domains. Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 4 https://www.passleader.com/ C. Only the administrator of the top ancestor domain can view dashboards. D. Child domains cannot view dashboards that originate from an ancestor domain. Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Using_Dashboards.html QUESTION 10 An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious. Which action does the engineer take to identify the file and validate whether or not it is malicious? A. Identify the file in the intrusion events and submit it to Threat Grid for analysis. B. Use FMC file analysis to look for the file and select Analyze to determine its disposition. C. Use the context explorer to find the file and download it to the local machine for investigation. D. Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious. Answer: A QUESTION 11 What is a behavior of a Cisco FMC database purge? A. User login and history data are removed from the database if the User Activity check box is selected. B. Data can be recovered from the device. C. The appropriate process is restarted. D. The specified data is removed from Cisco FMC and kept for two weeks. Answer: C Explanation: You can use the database purge page to purge discovery, identity, connection, and Security Intelligence data files from the FMC databases. 
Note that when you purge a database, the appropriate process is restarted. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/management_center_database_purge.pdf QUESTION 12 Which two packet captures does the FTD LINA engine support? (Choose two.) A. Layer 7 network ID B. source IP C. application ID D. dynamic firewall importing E. protocol Answer: BE Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with- Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 5 https://www.passleader.com/ firepower-threat-defense-f.html QUESTION 13 Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.) A. application blocking B. simple custom detection C. file repository D. exclusions E. application whitelisting Answer: AB Explanation: Configure custom malware detection policies and profiles for your entire organization, as well as perform flash and full scans on all your users’ files perform malware analysis, including view heat maps, detailed file information, network file trajectory, and threat root causes configure multiple aspects of outbreak control, including automatic quarantines, application blocking to stop non- quarantined executables from running, and exclusion lists. https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Reference_a_wrapper_Chapter_topic_here.html#id_96014 QUESTION 14 Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware? A. Add the malicious file to the block list. B. Send a snapshot to Cisco for technical support. C. Forward the result of the investigation to an external threat-analysis engine. D. Wait for Cisco Threat Response to automatically block the malware. 
Answer: A QUESTION 15 Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively? A. Windows domain controller B. audit C. triage D. protection Answer: B Explanation: Log the detection: In this mode, the identified malicious process is not blocked by MAP, but the detection is logged in the AMP for Endpoints console. (This is Audit mode, where no blocking or quarantine action happens, but the detection is logged.) https://www.cisco.com/c/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11- 740980.html Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 6 https://www.passleader.com/ QUESTION 16 What is a valid Cisco AMP file disposition? A. non-malicious B. malware C. known-good D. pristine Answer: B Explanation: Disposition: malware, clean or unknown https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/file_malware_events_and_network_file_trajectory.html QUESTION 17 In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached? A. unavailable B. unknown C. clean D. disconnected Answer: A Explanation: Unavailable indicates that the system could not query the AMP cloud. https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/file_malware_events_and_network_file_trajectory.html QUESTION 18 Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.) A. dynamic null route configured B. DHCP pool disablement C. quarantine D. port shutdown E. host shutdown Answer: CD Explanation: Firepower 6.1 Remediation module allows Firepower system to use ISE EPS capabilities (quarantine, unquarantine, port shutdown) as a remediation when correlation rule is matched. 
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/210524-configure- firepower-6-1-pxgrid-remediati.html QUESTION 19 Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment? A. pxGrid Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 7 https://www.passleader.com/ B. FTD RTC C. FMC RTC D. ISEGrid Answer: A Explanation: The FireSIGHT Management Center (FMC) is configured for using self-signed certificates for ISE pxGrid node operation. QUESTION 20 What is the maximum SHA level of filtering that Threat Intelligence Director supports? A. SHA-1024 B. SHA-4096 C. SHA-512 D. SHA-256 Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/cisco_threat_intelligence_directortid_.html QUESTION 21 Drag and Drop Question Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used. Answer: Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 8 https://www.passleader.com/ Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/firepower_management_center_high_availability.html#id_32288 QUESTION 22 Which protocol is needed to exchange threat details in rapid threat containment on Cisco FMC? A. SGT B. SNMP v3 C. BFD D. pxGrid Answer: D QUESTION 23 Which description of a correlation policy configuration in the Cisco Firepower Management Center is true? A. The system displays correlation policies that are created on all of the domains in a multidomain deployment B. Deleting a response group deletes the responses of that group C. You cannot add a host profile qualification to a correlation rule that is triggered by a malware event D. 
Correlation policy priorities override whitelist priorities Answer: C QUESTION 24 What is a result of enabling Cisco FTD clustering? A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections. Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 9 https://www.passleader.com/ B. Integrated Routing and Bridging is supported on the master unit. C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails. D. All Firepower appliances can support Cisco FTD clustering. Answer: C Explanation: Remote access VPN is not supported with clustering. VPN functionality is limited to the control unit and does not take advantage of the cluster high availability capabilities. If the control unit fails, all existing VPN connections are lost, and VPN users will see a disruption in service. When a new control unit is elected, you must re-establish the VPN connections. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/clustering_for_the_firepower_threat_defense.html QUESTION 25 Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.) A. The units must be the same version B. Both devices can be part of a different group that must be in the same domain when configured within the FMC. C. The units must be different models if they are part of the same series. D. The units must be configured only for firewall routed mode. E. The units must be the same model. Answer: AE Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699- configure-ftd-high-availability-on-firep.html QUESTION 26 On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface? A. transparent inline mode B. TAP mode C. strict TCP enforcement D. 
propagate link state Answer: B Explanation: Link state propagation automatically brings down the second interface in the inline interface pair when one of the interfaces in an inline set goes down. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html With tap mode, the FTD is deployed inline, but the network traffic flow is undisturbed. https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config- guide- v65/interface_overview_for_firepower_threat_defense.html#concept_DB45E8BBB07946728427F F98DB2DC56D Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 10 https://www.passleader.com/ QUESTION 27 What are the minimum requirements to deploy a managed device inline? A. inline interfaces, security zones, MTU, and mode B. passive interface, MTU, and mode C. inline interfaces, MTU, and mode D. passive interface, security zone, MTU, and mode Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config- guide-v65/ips_device_deployments_and_configuration.html QUESTION 28 What is the difference between inline and inline tap on Cisco Firepower? A. Inline tap mode can send a copy of the traffic to another device. B. Inline tap mode does full packet capture. C. Inline mode cannot do SSL decryption. D. Inline mode can drop malicious traffic. Answer: D Explanation: A threat defense in inline interface mode can block unintended traffic while it remains invisible to the network hosts. Inline mode allows a threat defense to block traffic based on the access control and intrusion rules you enable. QUESTION 29 With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance? A. inline set B. passive C. routed D. 
inline tap Answer: D Explanation: With tap mode, the FTD is deployed inline, but the network traffic flow is undisturbed. Instead, the FTD makes a copy of each packet so that it can analyze the packets. Note that rules of these types do generate intrusion events when they are triggered, and the table view of intrusion events indicates that the triggering packets would have dropped in an inline deployment. There are benefits to using tap mode with FTDs that are deployed inline. QUESTION 30 Which two deployment types support high availability? (Choose two.) A. transparent B. routed C. clustered Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 11 https://www.passleader.com/ D. intra-chassis multi-instance E. virtual appliance in public cloud Answer: AB Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config- guide-v61/firepower_threat_defense_high_availability.html QUESTION 31 What are 2 types or forms of suppression on a FirePower policy (or FTD)? A. source B. port C. rule D. protocol E. application Answer: AC QUESTION 32 Which two dynamic routing protocols are supported in FirePower Threat Defense v6.0? (Choose Two) A. IS-IS B. BGP C. OSPF D. static routing E. EIGRP Answer: BC QUESTION 33 Which protocol establishes network redundancy in a switched Firepower device deployment? A. STP B. HSRP C. GLBP D. VRRP Answer: A Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/fpmc-config-guide-v60_chapter_01101000.html QUESTION 34 Which interface type allows packets to be dropped? A. passive B. inline Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 12 https://www.passleader.com/ C. ERSPAN D. 
TAP Answer: B Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring- firepower-threat-defense-int.html QUESTION 35 Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.) A. Redundant Interface B. EtherChannel C. Speed D. Media Type E. Duplex Answer: CE Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd- fdm-interfaces.html QUESTION 36 Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.) A. EIGRP B. OSPF C. static routing D. IS-IS E. BGP Answer: BE Explanation: Both OSPF and BGP can be configured with Smart CLI without FlexConfig https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd- fdm-routing.html Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 13 https://www.passleader.com/ QUESTION 37 Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI? A. a default DMZ policy for which only a user can change the IP addresses. B. deny ip any C. no policy rule is included D. permit ip any Answer: C Explanation: No policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI. The administrator must create the necessary policy rules to allow traffic to and from the DMZ. QUESTION 38 What are two application layer preprocessors? (Choose two.) A. CIFS B. IMAP C. SSL D. DNP3 E. ICMP Answer: BC Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Application_Layer_Preprocessors.html QUESTION 39 Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 
14 https://www.passleader.com/ (Choose two.) A. OSPFv2 with IPv6 capabilities B. virtual links C. SHA authentication to OSPF packets D. area boundary router type 1 LSA filtering E. MD5 authentication to OSPF packets Answer: BE Explanation: The Firepower Threat Defense device supports the following OSPF features: Intra-area, inter-area, and external (Type I and Type II) routes. Virtual links. LSA flooding. Authentication to OSPF packets (both password and MD5 authentication). Configuring the Firepower Threat Defense device as a designated router or a designated backup router. The Firepower Threat Defense device also can be set up as an ABR. Stub areas and not-so-stubby areas. Area boundary router Type 3 LSA filtering. https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config- guide-v61/ospf_for_firepower_threat_defense.html QUESTION 40 With Cisco FirePOWER Threat Defense software, which interface mode do you configure for an IPS deployment, where traffic passes through the appliance but does not require VLAN rewriting? A. inline set B. passive C. inline tap D. routed E. transparent Answer: D QUESTION 41 What Software can be installed on the Cisco 4100 series appliance? (Choose two) A. FTD B. ASA C. ASAv D. FMC Answer: AB QUESTION 42 Which two field can be used to create a new email alert within the Cisco Firepower Management center under Policies > Actions > Alerts tab? (Choose two.) A. Device B. Source Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 15 https://www.passleader.com/ C. Destination D. From E. Relay Host Answer: DE QUESTION 43 When creating a report template, how can the results be limited to show only the activity of a specific subnet? A. Create a custom search in Firepower Management Center and select it in each section of the report. B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP. C. 
Add a Table View section to the report with the Search field defined as the network in CIDR format. D. Select IP Address as the X-Axis in each section of the report. Answer: B Explanation: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System- UserGuide-v5401/Reports.html#87267 QUESTION 44 What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment? A. VPN connections can be re-established only if the failed master unit recovers. B. Smart License is required to maintain VPN connections simultaneously across all cluster units. C. VPN connections must be re-established when a new master unit is elected. D. Only established VPN connections are maintained when a new master unit is elected. Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster- solution.html#concept_g32_yml_y2b QUESTION 45 Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.) A. The BVI IP address must be in a separate subnet from the connected network. B. Bridge groups are supported in both transparent and routed firewall modes. C. Bridge groups are supported only in transparent firewall mode. D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge- group members. E. Each directly connected network must be on the same subnet. Answer: BE Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html QUESTION 46 Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 16 https://www.passleader.com/ Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123? A. configure manager local 10.0.0.10 Cisco123 B. configure manager add Cisco123 10.0.0.10 C. 
configure manager local Cisco123 10.0.0.10 D. configure manager add 10.0.0.10 Cisco123 Answer: D Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215540-configure-verify-and- troubleshoot-firep.html QUESTION 47 Which two actions can be used in an access control policy rule? (Choose two.) A. Block with Reset B. Monitor C. Analyze D. Discover E. Block ALL Answer: AB Explanation: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/AC-Rules-Tuning-Overview.html#71854 QUESTION 48 Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.) A. BGPv6 B. ECMP with up to three equal cost paths across multiple interfaces C. ECMP with up to three equal cost paths across a single interface D. BGPv4 in transparent firewall mode E. BGPv4 with nonstop forwarding Answer: AC Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config- guide-v601/fpmc-config-guide-v60_chapter_01100011.html Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 17 https://www.passleader.com/ QUESTION 49 Which description of a correlation, policy configuration in the Cisco Firepower Management Center, is true? A. Correlation policy priorities override whitelist priorities. B. The system displays correlation policies that are created on all of the domains in a multidomain deployment. C. You cannot add a host profile qualification to a correlation rule that is triggered by a malware event. D. Deleting a response group deletes the responses of that group. Answer: C QUESTION 50 Which two TCP ports can allow the Cisco Firepower Management Center to communication with FireAMP cloud for file disposition information? (Choose two.) A. 8080 B. 22 C. 8305 D. 32137 E. 443 Answer: DE QUESTION 51 Which object type supports object overrides? A. time range B. security group tag C. network object D. 
DNS server group Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 18 https://www.passleader.com/ Answer: C Explanation: Object Overrides supported are: Network Port VLAN tag URL https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053 QUESTION 52 Which Cisco Firepower rule action displays an HTTP warning page? A. Monitor B. Block C. Interactive Block D. Allow with Warning Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System- UserGuide-v5401/AC-Rules-Tuning-Overview.html#76698 QUESTION 53 What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface? A. The rate-limiting rule is disabled. B. Matching traffic is not rate limited. C. The system rate-limits all traffic. D. The system repeatedly generates warnings. Answer: B Explanation: If you specify a limit greater than the maximum throughput of an interface, the system does not rate limit matching traffic. Maximum throughput may be affected by an interface’s hardware configuration, which you specify in each device’s properties (Devices > Device Management). https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/quality_of_service__qos__for_firepower_threat_defense.html QUESTION 54 Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces? A. FlexConfig B. BDI C. SGT D. IRB Answer: D Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 19 https://www.passleader.com/ Explanation: Integrated Routing and Bridging (IRB) : Customers often want to have multiple physical interfaces configured to be part of the same VLAN. 
The IRB feature meets this demand by allowing users to configure bridges in routed mode, and enables the devices to perform L2 switching between interfaces (including subinterfaces). https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Releas e_Notes_Version_620/new_features_and_functionality.html QUESTION 55 In which two places can thresholding settings be configured? (Choose two.) A. on each IPS rule B. globally, within the network analysis policy C. globally, per intrusion policy D. on each access control rule E. per preprocessor, within the network analysis policy Answer: AC Explanation: You can set a global threshold across all traffic to limit how often events from a specific source or destination are logged and displayed per specified time period. For more information, see Understanding Thresholding, page 22-1 and Configuring Global Thresholds, page 22-3. You can set thresholds per shared object rule, standard text rule, or preprocessor rule in your intrusion policy configuration, as described in Configuring Event Thresholding, page 20-21. https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/Intrusion-Global-Threshold.pdf QUESTION 56 In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.) A. Traffic inspection can be interrupted temporarily when configuration changes are deployed. B. The system performs intrusion inspection followed by file inspection. C. They can block traffic based on Security Intelligence data. D. File policies use an associated variable set to perform intrusion prevention. E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters. Answer: AC Explanation: When deploying changes SNORT can restart causing traffic interuptions. 
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/policy_management.html#reference_F11C552688424DEF85ED145FA97283B7 QUESTION 57 Which function is the primary function of Cisco AMP threat Grid? A. automated email encryption B. applying a real-time URI blacklist C. automated malware analysis D. monitoring network traffic Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 20 https://www.passleader.com/ Answer: C QUESTION 58 Which two feature does Cisco Trust Anchor support? (Choose two.) A. flood attack detection. B. secure boot C. image signing D. DDoS mitigation E. SYN flood detection Answer: BC QUESTION 59 Which two types of objects are reusable and supported by Cisco FMC? (Choose two.) A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols. B. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists C. network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country D. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country E. reputation-based objects, such as URL categories Answer: BC Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config- guide-v67/reusable_objects.html QUESTION 60 What is the benefit of selecting the trace option for packet capture? A. The option indicates whether the packet was dropped or successful. B. The option indicated whether the destination host responds through a different path. C. The option limits the number of packets that are captured. D. The option captures details of each packet. 
Answer: A Explanation: Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful. https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config- guide- v65/troubleshooting_the_system.html#:~:text=Packet%20capture%20is%20available%20with%2 0the%20trace%20option%2C%20which%20provides%20you%20with%20a%20verdict%20as%2 0to%20whether%20the%20packet%20is%20dropped%20or%20successful QUESTION 61 Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 21 https://www.passleader.com/ After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file? A. /etc/sf/DCMIB.ALERT B. /sf/etc/DCEALERT.MIB C. /etc/sf/DCEALERT.MIB D. system/etc/DCEALERT.MIB Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/Intrusion-External-Responses.pdf QUESTION 62 Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server? A. system generate-troubleshoot B. show configuration session C. show managers D. show running-config | include manager Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_ for_Firepower_Threat_Defense/c_3.html QUESTION 63 Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface? A. configure coredump packet-engine enable B. capture-traffic C. capture D. capture WORD Answer: C Explanation: The command "capture-traffic" is used for SNORT Engine Captures. To capture a LINA Engine Capture, you use the "capture" command. 
Since the LINA engine represents the actual physical interface of the device, "capture" is the only reasonable choice.
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc10

QUESTION 64
How many report templates does the Cisco Firepower Management Center support?
A. 20
B. 10
C. 5
D. unlimited
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Reports.html

QUESTION 65
Which action should be taken after editing an object that is used inside an access control policy?
A. Delete the existing object in use.
B. Refresh the Cisco FMC GUI for the access control policy.
C. Redeploy the updated configuration.
D. Create another rule using a different object name.
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/reusable_objects.html

QUESTION 66
Which two characteristics represent a Cisco device operating in tap mode? (Choose two.)
A. It analyzes copies of packets from the packet flow.
B. The device is deployed in a passive configuration.
C. If a rule is triggered, the device generates an intrusion event.
D. The packet flow traverses the device.
E. If a rule is triggered, the device drops the packet.
Answer: AD
Explanation:
The two characteristics that represent a Cisco device operating in tap mode are:
A. It analyzes copies of packets from the packet flow.
D. The packet flow traverses the device.
In tap mode, a Cisco device creates a copy of the traffic flowing through it, which can then be analyzed by a monitoring device. The original traffic is not affected and continues to flow through the network as normal.

QUESTION 67
When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?
A.
Spero analysis
B. dynamic analysis
C. sandbox analysis
D. malware analysis
Answer: B

QUESTION 68
Which Cisco Firepower feature is used to reduce the number of events received in a period of time?
A. rate-limiting
B. suspending
C. correlation
D. thresholding
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-Global-Threshold.html

QUESTION 69
Which report template field format is available in Cisco FMC?
A. box lever chart
B. arrow chart
C. bar chart
D. benchmark chart
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Reports.html

QUESTION 70
Which group within Cisco does the Threat Response team use for threat analysis and research?
A. Cisco Deep Analytics
B. OpenDNS Group
C. Cisco Network Response
D. Cisco Talos
Answer: D
Explanation:
https://www.cisco.com/c/en/us/products/security/threat-response.html#~benefits

QUESTION 71
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
A. system support firewall-engine-debug
B. system support ssl-debug
C. system support platform
D. system support dump-table
Answer: A
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html

QUESTION 72
Which command-line mode is supported from the Cisco Firepower Management Center CLI?
A. privileged
B. user
C. configuration
D. admin
Answer: C
Explanation:
The CLI encompasses four modes. The default mode, CLI Management, includes commands for navigating within the CLI itself.
The remaining modes contain commands addressing three different areas of Firepower Management Center functionality; the commands within these modes begin with the mode name: system, show, or configure.
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/command_line_reference.pdf

QUESTION 73
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
A. show running-config
B. show tech-support chassis
C. system support diagnostic-cli
D. sudo sf_troubleshoot.pl
Answer: D
Explanation:
Enter this command on the Firepower Management Center in order to generate a troubleshoot file:
admin@FMC:~$ sudo sf_troubleshoot.pl
https://www.cisco.com/c/en/us/support/docs/security/sourcefire-defense-center/117663-technote-SourceFire-00.html

QUESTION 74
While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?
A. passive
B. transparent
C. inline tap
D. inline set
Answer: D
Explanation:
Passive: traffic does not flow through the IPS.
Inline tap: the IPS gets a copy of the packets; traffic does not flow through the IPS.
Transparent: this is transparent inline mode, so it could be an answer as well.
Inline set: this is called bump-in-the-wire mode. Traffic passes through the appliance, but it does not require routing or VLAN rewriting.
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

QUESTION 75
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
A. switch virtual
B. bridge group member
C. bridge virtual
D.
subinterface
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

QUESTION 76
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?
A. by leveraging ARP to direct traffic through the firewall
B. by assigning an inline set interface
C. by using a BVI and creating a BVI IP address in the same subnet as the user segment
D. by bypassing protocol inspection by leveraging pre-filter rules
Answer: C
Explanation:
You can use a BVI with no name here; in that way the BVI acts as a transparent firewall. That extends the LAN network while the gateway stays the same (e.g. the GW is 192.168.1.1 and the BVI is 192.168.1.2), so nothing changes for users. If you go with an inline set, you do not extend the network: an inline set only has inline pair interfaces, and that does not extend the LAN.

QUESTION 77
Refer to the exhibit. An engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network. How is the Firepower configuration updated to protect these new operating systems?
A. Cisco Firepower automatically updates the policies.
B. The administrator requests a Remediation Recommendation Report from Cisco Firepower.
C. Cisco Firepower gives recommendations to update the policies.
D. The administrator manually updates the policies.
Answer: C
Explanation:
Firepower Recommendations for IPS policies is a tool that works with network discovery to apply recommendations to IPS policies, but you have to apply them yourself unless you configure your custom IPS policy to automatically take recommendations (not suggested for a low-end firewall like the 1010 because of the memory limit).
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Tailoring_Intrusion_Protection_to_Your_Network_Assets.html

QUESTION 78
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET, which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
A. utilizing policy inheritance
B. utilizing a dynamic ACP that updates from Cisco Talos
C. creating a unique ACP per device
D. creating an ACP with an INSIDE_NET network object and object overrides
Answer: D

QUESTION 79
An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
A. identity
B. intrusion
C. access control
D. prefilter
Answer: C
Explanation:
ACP - Every access control rule has an action that determines how the system handles and logs matching traffic. You can perform an allow, trust, monitor, block, or block with reset action on an access control rule.
Prefilter - A rule's action determines how the system handles and logs matching traffic. You can perform only a fastpath or block action.
QUESTION 80
An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing scheme and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network. What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?
A. Delete and reregister the device to Cisco FMC.
B. Update the IP addresses from IPv4 to IPv6 without deleting the device from Cisco FMC.
C. Format and reregister the device to Cisco FMC.
D. Cisco FMC does not support devices that use IPv4 IP addresses.
Answer: A
Explanation:
If you registered an FMC and a device using IPv4 and want to convert them to IPv6, you must delete and reregister the device.
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/device_management_basics.html

QUESTION 81
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user. Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?
A. Custom Analysis
B. Current Status
C. Current Sessions
D. Correlation Events
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/dashboards.html#ID-2206-00000283

QUESTION 82
An administrator is attempting to remotely log into a switch in the data centre using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?
A. by running Wireshark on the administrator's PC
B. by performing a packet capture on the firewall
C. by running a packet tracer on the firewall
D. by attempting to access it from a different workstation
Answer: B
Explanation:
Packet Tracer will not show whether the packet arrives at the FTD. We need to capture the relevant traffic.
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc16

QUESTION 83
An engineer is configuring a second Cisco FMC as a standby device but is unable to register it with the active unit. What is causing this issue?
A. The primary FMC currently has devices connected to it.
B. The code versions running on the Cisco FMC devices are different.
C. The licensing purchased does not include high availability.
D. There is only 10 Mbps of bandwidth between the two devices.
Answer: B
Explanation:
FMC High Availability. High availability is available on physical Firepower Management Center appliances (and FMCv since 6.7.0). Before configuring FMC HA, make sure that:
Hardware is identical (no mix and match between virtual and/or physical form factors)
Software release is identical on both FMCs
There are no sensors registered to the secondary FMC
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html

QUESTION 84
The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events. Which action should be configured to accomplish this task?
A. generate events
B. drop packet
C. drop connection
D. drop and generate
Answer: B
Explanation:
Rule actions may be set to:
Generate events – Log the connection, but take no action
Drop and generate events – Drop the traffic, and log the connection
Disabled – Do nothing; this rule is not in use
Currently, the rule is set to Drop and Generate Events, the dashboard is inundated with low priority intrusion drop events, and they are asking to reduce it.
To reduce the amount of events we need to drop packets.

QUESTION 85
An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?
A. multiple deployment
B. single-context
C. single deployment
D. multi-instance
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/multi-instance/multi-instance_solution.html#concept_vc4_2lh_3hb

QUESTION 86
Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC? (Choose two.)
A. Before re-adding the device in Cisco FMC, the manager must be added back.
B. The Cisco FMC web interface prompts users to re-apply access control policies.
C. Once a device has been deleted, it must be reconfigured before it is re-added to the Cisco FMC.
D. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
E. There is no option to re-apply NAT and VPN policies during registration, so users need to re-apply the policies after registration is completed.
Answer: BE
Explanation:
When a device is deleted and then re-added, the Firepower Management Center web interface prompts you to re-apply your access control policies. However, there is no option to re-apply the NAT and VPN policies during registration. Any previously applied NAT or VPN configuration will be removed during registration and must be re-applied after registration is complete.
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Device_Management_Basics.html

QUESTION 87
An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?
A. transparent
B. routed
C. passive
D. inline set
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

QUESTION 88
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?
A. Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
B. Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
C. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
D. Use the system support network-options command to fine tune the policy.
Answer: A

QUESTION 89
What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the Security Services Exchange portal directly as opposed to using syslog?
A. Firepower devices do not need to be connected to the internet.
B. All types of Firepower devices are supported.
C. Supports all devices that are running supported versions of Firepower.
D.
An on-premises proxy server does not need to be set up and maintained.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/CTR/Firepower_and_Cisco_Threat_Response_Integration_Guide/about_integrating_firepower_and_cisco_threat_response.html

QUESTION 90
An engineer has been asked to show application usage automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?
A. event viewer
B. reports
C. dashboards
D. context explorer
Answer: B

QUESTION 91
An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?
A. by denying outbound web access
B. Cisco Talos will automatically update the policies.
C. by isolating the endpoint
D. by creating a URL object in the policy to block the website
Answer: D

QUESTION 92
An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation. During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass. Which default policy should be used?
A. Maximum Detection
B. Security Over Connectivity
C. Balanced Security and Connectivity
D. Connectivity Over Security
Answer: D
Explanation:
Balanced Security and Connectivity - A compromise between speed and detection.
Connectivity over Security - Used when connectivity is more important. Only the most critical rules are enabled.
Security over Connectivity - Used when connectivity is the secondary concern. Enables most rules. May result in higher false positives.
Maximum Detection - Every rule is turned on, and will likely result in false positives.
Best to only use this for labs and testing.
No Rules Active - All rules are disabled. Would generally only be used as a template.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-intrusion.html

QUESTION 93
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
A. Modify the network discovery policy to detect new hosts to inspect.
B. Modify the access control policy to redirect interesting traffic to the engine.
C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
D. Modify the network analysis policy to process the packets for inspection.
Answer: B
Explanation:
A network analysis policy (NAP) governs how traffic is decoded and preprocessed so that it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt. To apply intrusion policies to network traffic, you select the policy within an access control rule that allows traffic. You do not directly assign intrusion policies.

QUESTION 94
A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?
A. Configure a second circuit to an ISP for added redundancy.
B. Keep a copy of the current configuration to use as backup.
C. Configure the Cisco FMCs for failover.
D. Configure the Cisco FMC managed devices for clustering.
Answer: B
Explanation:
Cisco Threat Intelligence Director (TID) and High Availability Configurations: If you host TID on the active Firepower Management Center in a high availability configuration, the system does not synchronize TID configurations and TID data to the standby Firepower Management Center. We recommend performing regular backups of TID data on your active Firepower Management Center so that you can restore the data after failover.
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/firepower_management_center_high_availability.html

QUESTION 95
An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks. What must be configured in order to maintain data privacy for both departments?
A. Use a dedicated IPS inline set for each department to maintain traffic separation.
B. Use 802.1Q inline set trunk interfaces with VLANs to maintain logical traffic separation.
C. Use passive IDS ports for both departments.
D. Use one pair of inline set in TAP mode for both departments.
Answer: A
Explanation:
Inline sets and passive interfaces support physical interfaces and EtherChannels only, and cannot use redundant interfaces, VLANs, and so on. Firepower 4100/9300 subinterfaces are also not supported for IPS-only interfaces. For inline sets and passive interfaces, the FTD supports up to two 802.1Q headers in a packet (also known as Q-in-Q support), with the exception of the Firepower 4100/9300, which only supports one 802.1Q header.
Note: Firewall-type interfaces do not support Q-in-Q, and only support one 802.1Q header.

QUESTION 96
With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. ERSPAN
B. IPS-only
C. firewall
D. tap
Answer: D
Explanation:
With tap mode, the FTD is deployed inline, but the network traffic flow is undisturbed.
Instead, the FTD makes a copy of each packet so that it can analyze the packets. Note that rules of these types do generate intrusion events when they are triggered, and the table view of intrusion events indicates that the triggering packets would have been dropped in an inline deployment. There are benefits to using tap mode with FTDs that are deployed inline.

QUESTION 97
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
A. The destination MAC address is optional if a VLAN ID value is entered.
B. Only the UDP packet type is supported.
C. The output format option for the packet logs is unavailable.
D. The VLAN ID and destination MAC address are optional.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html

QUESTION 98
What is a characteristic of bridge groups on a Cisco FTD?
A. In routed firewall mode, routing between bridge groups must pass through a routed interface.
B. In routed firewall mode, routing between bridge groups is supported.
C. In transparent firewall mode, routing between bridge groups is supported.
D. Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.
Answer: B
Explanation:
In routed mode, the BVI acts as the gateway between the bridge group and other routed interfaces. To route between bridge groups/routed interfaces, you must name the BVI. For some interface-based features, you can use the BVI itself.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.pdf

QUESTION 99
Network traffic coming from an organization's CEO must never be denied.
Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?
A. Configure firewall bypass.
B. Change the intrusion policy from security to balanced.
C. Configure a trust policy for the CEO.
D. Create a NAT policy just for the CEO.
Answer: C

QUESTION 100
An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
A. Deploy a firewall in transparent mode between the clients and servers.
B. Change the IP addresses of the clients, while remaining on the same subnet.
C. Deploy a firewall in routed mode between the clients and servers.
D. Change the IP addresses of the servers, while remaining on the same subnet.
Answer: A
Explanation:
Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices. However, like any other firewall, access control between interfaces is controlled, and all of the usual firewall checks are in place. Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the Firepower Threat Defense device uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks. In transparent mode, these bridge groups cannot communicate with each other.
QUESTION 101
In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?
A. minor upgrade
B. local import of intrusion rules
C. Cisco Geolocation Database
D. local import of major upgrade
Answer: B
Explanation:
In a multidomain deployment, you can import local intrusion rules in any domain. You can view local intrusion rules imported in the current domain and ancestor domains.
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/system_software_updates.html

QUESTION 102
A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?
A. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.
B. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.
C. Deploy multiple Cisco FTD HA pairs to increase performance.
D. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html#concept_C8502505F840451C9E600F1EED9BC18E

QUESTION 103
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
A. Create a FlexConfig policy to use WCCP for application-aware bandwidth limiting.
B. Create a VPN policy so that direct tunnels are established to the business applications.
C.
Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
D. Create a QoS policy rate-limiting high bandwidth applications.
Answer: D

QUESTION 104
An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?
A. Source or destination security zones in the access control rule match the security zones that are associated with interfaces on the target devices.
B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
Answer: A
Explanation:
Note that access control rules that deploy these file policy configurations to security zones or tunnel zones cause a restart only when your configuration meets the following conditions:
Source or destination security zones in your access control rule must match the security zones associated with interfaces on the target devices.
Unless the destination zone in your access control rule is any, a source tunnel zone in the rule must match a tunnel zone assigned to a tunnel rule in the prefilter policy.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/policy_management.html

QUESTION 105
An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information? (Choose two.)
A. Intrusion Events
B.
Correlation Information
C. Appliance Status
D. Current Sessions
E. Network Compliance
Answer: AC
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/dashboards.html#ID-2206-00000283

QUESTION 106
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
A. Confirm that both devices have the same port-channel numbering.
B. Confirm that both devices are running the same software version.
C. Confirm that both devices are configured with the same types of interfaces.
D. Confirm that both devices have the same flash memory sizes.
Answer: D
Explanation:
The devices must have the same type and number of interfaces, and the software needs to be on the same version. However, the question is specifically touching on synchronization issues. If you are using units with different flash memory sizes in your High Availability configuration, make sure the unit with the smaller flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger flash memory to the unit with the smaller flash memory will fail.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_high_availability.html

QUESTION 107
There is an increased amount of traffic on the network, and for compliance reasons management needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to allow this visibility?
A. It prompts the need for a corporate managed certificate.
B. It has minimal performance impact.
C. It is not subject to any privacy regulations.
D.
It will fail if certificate pinning is not enforced Answer: A QUESTION 108 An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements? A. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic. D. Tune the intrusion policies in order to allow the VPN traffic through without inspection Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd- Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 37 https://www.passleader.com/ fdm-ravpn.html QUESTION 109 A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud? A. Spero analysis B. Malware analysis C. Dynamic analysis D. Sandbox analysis Answer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Reference_a_wrapper_Chapter_topic_here.html QUESTION 110 An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails? A. Configure high-availability in both the primary and secondary Cisco FMCs B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length. C. 
Place the active Cisco FMC device on the same trusted management network as the standby device D. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails Answer: A Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/firepower_management_center_high_availability.html QUESTION 111 An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco388267669. Which command set must be used in order to accomplish this? A. configure manager add ACME001 B. configure manager add ACME0O1 C. configure manager add DONTRESOLVE AMCE001 D. configure manager add registration key> ACME001 Answer: D Explanation: https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596- configure-firesight-00.html Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 38 https://www.passleader.com/ QUESTION 112 Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue? A. Modify the selected application within the rule B. Change the intrusion policy to connectivity over security. C. Modify the rule action from trust to allow D. Add the social network URLs to the block list Answer: C Explanation: Rule 4: Allow is the final rule. For this rule, matching traffic is allowed; however, prohibited files, malware, intrusions, and exploits within that traffic are detected and blocked. Remaining non- prohibited, non-malicious traffic is allowed to its destination, though it is still subject to identity requirements and rate limiting. 
You can configure Allow rules that perform only file inspection, or only intrusion inspection, or neither. https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config- guide-v66/access_control_rules.html QUESTION 113 A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system? A. Capacity handling B. Local malware analysis C. Spere analysis D. Dynamic analysis Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Reference_a_wrapper_Chapter_topic_here.html#ID-2199-000005fa Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 39 https://www.passleader.com/ QUESTION 114 An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue? A. Leave default networks. B. Change the method to TCP/SYN. C. Increase the number of entries on the NAT device. D. Exclude load balancers and NAT devices. Answer: D Explanation: The system can identify many load balancers and NAT devices by examining your network traffic. https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Network_Discovery_Policies.html QUESTION 115 administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot? A. A Troubleshoot" file for the device in question. B. A "show tech" file for the device in question C. A "show tech" for the Cisco FMC. D. 
A "troubleshoot" file for the Cisco FMC Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/troubleshooting_the_system.html QUESTION 116 An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0.1.100 over the non- standard port of 9443. The host the engineer is attempting the connection from is at the IP address of 10.20.10.20. In order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool. Which capture configuration should be used to gather the information needed to troubleshoot this issue? Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 40 https://www.passleader.com/ A. B. Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 41 https://www.passleader.com/ C. D. Answer: B QUESTION 117 A network engineer is receiving reports of users randomly getting disconnected from their corporate applications which traverses the data center FTD appliance Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue? A. Use the Packet Export feature to save data onto external drives B. Use the Packet Capture feature to collect real-time network traffic C. Use the Packet Tracer feature for traffic policy analysis Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 42 https://www.passleader.com/ D. Use the Packet Analysis feature for capturing network data Answer: B Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with- firepower-threat-defense-f.html QUESTION 118 IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. 
The business is approaching a peak season so the need to maintain business uptime is high. Which report type should be used to gather this information? A. Malware Report B. Standard Report C. SNMP Report D. Risk Report Answer: D Explanation: Because the report is for non security specialist and will come with recommendations that will help to issues during a period of peaks. The Firepower System offers two types of reports: Risk Reports - High-level summaries of risks found on your network. Standard Reports - Detailed, customizable reports about all aspects of your Firepower System. Risk Reports Risk reports are portable, high-level, easy-to-interpret summaries of risks found in your organization. You can use these reports to share information about areas of risk, and recommendations for addressing these risks, with people who do not have access to your system and who may not be network security experts. These reports are intended to facilitate discussion about areas for investment in the security of your network. QUESTION 119 Refer to the exhibit. An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion. Which action will mitigate this risk? Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 43 https://www.passleader.com/ A. Use SSL decryption to analyze the packets. B. Use encrypted traffic analytics to detect attacks C. Use Cisco AMP for Endpoints to block all SSL connection D. Use Cisco Tetration to track SSL connections to servers. Answer: A Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd- fdm-ssl-decryption.html QUESTION 120 An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. 
What must be done to prevent this from occurring? A. Add the NetFlow_Send_Destination object to the configuration B. Create a Security Intelligence object to send the data to Cisco Stealthwatch C. Create a service identifier to enable the NetFlow service D. Add the NetFlow_Add_Destination object to the configuration Answer: D QUESTION 121 With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue? A. Manually adjust the time to the correct hour on all managed devices B. Configure the system clock settings to use NTP with Daylight Savings checked C. Manually adjust the time to the correct hour on the Cisco FMC. D. Configure the system clock settings to use NTP Answer: D Explanation: Note that the time displayed on most pages on the web interface is the local time, which is determined by using the time zone you specify in your local configuration. Further, the Firepower Management Center automatically adjusts its local time display for daylight saving time (DST), where appropriate. However, recurring tasks that span the transition dates from DST to standard time and back do not adjust for the transition. That is, if you create a task scheduled for 2:00 AM during standard time, it will run at 3:00 AM during DST. Similarly, if you create a task scheduled for 2:00 AM during DST, it will run at 1:00 AM during standard time. # Documentation: Configuring a Recurring Task https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/Scheduling_Tasks.html QUESTION 122 A network administrator notices that SI events are not being updated The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue? Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 44 https://www.passleader.com/ A. 
Restart the affected devices in order to reset the configurations B. Manually update the SI event entries to that the appropriate traffic is blocked C. Replace the affected devices with devices that provide more memory D. Redeploy configurations to affected devices so that additional memory is allocated to the SI module Answer: D Explanation: Workaround: If you think this is happening, redeploy configurations to the affected devices. https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config- guide-v67/security_intelligence_blacklisting.html QUESTION 123 Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites? Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 45 https://www.passleader.com/ Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 46 https://www.passleader.com/ A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50. B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50. C. Create an access control policy rule to allow port 443 to only 172.1.1.50. D. Create an access control policy rule to allow port 80 to only 172.1.1.50. Answer: D QUESTION 124 A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated an alert for the malware event, however the user still remained connected. Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue? A. Detect Files B. Malware Cloud Lookup C. Local Malware Analysis D. Reset Connection Answer: D Explanation: Cisco recommends that you enable Reset Connection for the Block Files and Block Malware actions to prevent blocked application sessions from remaining open until the TCP connection resets. If you do not reset connections, the client session will remain open until the TCP connection resets itself. 
QUESTION 125 Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic? A. intrusion and file events B. Cisco AMP for Endpoints C. Cisco AMP for Networks D. file policies Answer: C Explanation: Advanced Malware Protection (AMP) for Firepower can detect, capture, track, analyze, log, and optionally block the transmission of malware in network traffic. In the Firepower Management Center web interface, this feature is called AMP for Networks, formerly called AMP for Firepower. Advanced Malware Protection identifies malware using managed devices deployed inline and threat data from the Cisco cloud. https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/file_policies_and_advanced_malware_protection.html QUESTION 126 Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid? A. mobility B. plus C. base Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 47 https://www.passleader.com/ D. apex Answer: C Explanation: Only base licensing is required for pxGrid integration. You can use PassiveID with just base licensing which passes that onto the FMC through pxGrid. If you want to use context sharing and Rapid Threat Containment, THEN you need Plus licensing. https://www.routexp.com/2017/11/cisco-ise-base-plus-and-apex-licenses.html QUESTION 127 A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection Which action should be taken to accomplish this goal? A. Enable Threat Intelligence Director using STIX and TAXII B. Enable Rapid Threat Containment using REST APIs C. Enable Threat Intelligence Director using REST APIs D. 
Enable Rapid Threat Containment using STIX and TAXII Answer: A Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config- guide-v623/cisco_threat_intelligence_director__tid_.html QUESTION 128 What is a feature of Cisco AMP private cloud? A. It supports anonymized retrieval of threat intelligence B. It supports security intelligence filtering. C. It disables direct connections to the public cloud. D. It performs dynamic analysis Answer: C Explanation: Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/file_policies_and_amp_for_firepower.html QUESTION 129 An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two.) A. The Cisco FMC needs to include a SSL decryption policy. B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service. C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing. D. The Cisco FMC needs to connect with the FireAMP Cloud. E. The Cisco FMC needs to include a file inspection policy for malware lookup. Answer: AE Explanation: Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 48 https://www.passleader.com/ Bobster is referencing local malware analysis requirements, but we have no information that local malware analysis is begin used. By default theat grid is used, and threat grid needs no configuration on the FMC to connect to the cloud. The question states "which configuration tasks" - we dont need to do anything related to threat grid afaik. QUESTION 130 An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. 
A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic? A. Modify the Cisco ISE authorization policy to deny this access to the user. B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD. C. Add the unknown user in the Access Control Policy in Cisco FTD. D. Add the unknown user in the Malware & File Policy in Cisco FTD. Answer: C QUESTION 131 An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem? A. The backup file is not in.cfg format. B. The backup file is too large for the Cisco FTD device C. The backup file extension was changed from tar to zip D. The backup file was not enabled prior to being applied Answer: C QUESTION 132 A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat? A. Add the hash to the simple custom deletion list. B. Use regular expressions to block the malicious file. C. Enable a personal firewall in the infected endpoint. D. Add the hash from the infected endpoint to the network block list. Answer: A QUESTION 133 A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented? A. Specify the BVl IP address as the default gateway for connected devices. B. 
Enable routing on the Cisco Firepower Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 49 https://www.passleader.com/ C. Add an IP address to the physical Cisco Firepower interfaces. D. Configure a bridge group in transparent mode. Answer: D Explanation: Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices. However, like any other firewall, access control between interfaces is controlled, and all of the usual firewall checks are in place. Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the ASA uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks. In transparent mode, these bridge groups cannot communicate with each other. https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general- config/intro-fw.html QUESTION 134 An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IRS, if it is not dropped, how does the traffic get to its destination? A. It is retransmitted from the Cisco IPS inline set. B. The packets are duplicated and a copy is sent to the destination. C. It is transmitted out of the Cisco IPS outside interface. D. It is routed back to the Cisco ASA interfaces for transmission. Answer: A Explanation: Inline interfaces receive all traffic unconditionally, but all traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped. 
https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config- guide-v601/fpmc-config-guide-v60_chapter_01011010.pdf QUESTION 135 A network administrator is concerned about the high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern? A. Create an intrusion policy and set the access control policy to block. B. Create an intrusion policy and set the access control policy to allow. C. Create a file policy and set the access control policy to allow. D. Create a file policy and set the access control policy to block. Answer: C Explanation: Access control rules: Rule 3: Block evaluates traffic third. Matching traffic is blocked without further inspection. Traffic that does not match continues to the final rule. Rule 4: Allow is the final rule. For this rule, matching traffic is allowed; however, prohibited files, malware, intrusions, and exploits within that traffic are detected and blocked. Remaining non- Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 50 https://www.passleader.com/ prohibited, non-malicious traffic is allowed to its destination, though it is still subject to identity requirements and rate limiting. You can configure Allow rules that perform only file inspection, or only intrusion inspection, or neither. QUESTION 136 An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall How is this issue resolved? A. Use traceroute with advanced options. B. Use Wireshark with an IP subnet filter. C. Use a packet capture with match criteria. D. Use a packet sniffer with correct filtering Answer: C Explanation: Capture could just be exported and imported in wireshark. 
Also, you would be able to use match argument to specify devices instead of subnet, and also SGTs if you want to. QUESTION 137 A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client? A. Use packet-tracer to ensure that traffic is not being blocked by an access list. B. Use packet capture to ensure that traffic is not being blocked by an access list. C. Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address. D. Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address. Answer: D Explanation: If it is statefull firewall, then ACL can not block the response from server this exesting connection, only wrong NAT rule for this server could be the issue. QUESTION 138 An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement? A. flexconfig object for NetFlow B. interface object to export NetFlow C. security intelligence object for NetFlow D. variable set object for NetFlow Answer: A Explanation: Step 4. Configure the Netflow Destination In order to configure the Netflow Destination, navigate to Objects > FlexConfig > FlexConfig Objects Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 51 https://www.passleader.com/ https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/netflow/216126-configure- netflow-secure-event-logging-o.html#anc14 QUESTION 139 An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range. 
How is this requirement satisfied? A. Deploy the firewall in transparent mode with access control policies. B. Deploy the firewall in routed mode with access control policies. C. Deploy the firewall in routed mode with NAT configured. D. Deploy the firewall in transparent mode with NAT configured. Answer: B Explanation: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general- config/intro-fw.html QUESTION 140 An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task? A. redundant interfaces on the firewall cluster mode and switches B. redundant interfaces on the firewall noncluster mode and switches C. vPC on the switches to the interface mode on the firewall duster D. vPC on the switches to the span EtherChannel on the firewall cluster Answer: D Explanation: Virtual Port Channels (vPC) are common EtherChannel deployments, especially in the data center, and allow multiple devices to share multiple interfaces EtherChannel Interface requires stack, VSS or vPC when connected to multiple switches. QUESTION 141 What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog? A. All types of Cisco Firepower devices are supported. B. An on-premises proxy server does not need to be set up and maintained. C. Cisco Firepower devices do not need to be connected to the Internet. D. Supports all devices that are running supported versions of Cisco Firepower. Answer: B QUESTION 142 A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it. What is the reason for this issue? 
Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 52 https://www.passleader.com/ A. A manual NAT exemption rule does not exist at the top of the NAT table. B. An external NAT IP address is not configured. C. An external NAT IP address is configured to match the wrong interface. D. An object NAT exemption rule does not exist at the top of the NAT table. Answer: A Explanation: NAT exemptions can only be done with manual rules before Auto/Object NAT. https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702- configure-and-verify-nat-on-ftd.html QUESTION 143 An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment? A. in active/active mode B. in a cluster span EtherChannel C. in active/passive mode D. in cluster interface mode Answer: C QUESTION 144 When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization? A. inline tap monitor-only mode B. passive monitor-only mode C. passive tap monitor-only mode D. inline mode Answer: A Explanation: For passive monitor-only mode we need extra switch with span port. https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall- config/access-sfr.html QUESTION 145 A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this? A. The value of the highest MTU assigned to any non-management interface was changed. B. The value of the highest MSS assigned to any non-management interface was changed. C. A passive interface was associated with a security zone. D. 
Multiple inline interface pairs were added to the same inline interface. Answer: A Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 53 https://www.passleader.com/ Explanation: Changing the highest MTU value among all non-management interfaces on the device restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Inspection is interrupted on all non-management interfaces, not just the interface you modified. Whether this interruption drops traffic or passes it without further inspection depends on the model of the managed device and the interface type. See Snort® Restart Traffic Behavior for more information. https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/fpmc-config-guide-v60_chapter_01101010.html QUESTION 146 An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure? A. The interfaces are being used for NAT for multiple networks. B. The administrator is adding interfaces of multiple types. C. The administrator is adding an interface that is in multiple zones. D. The interfaces belong to multiple interface groups. Answer: B Explanation: All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/reusable_objects.html#ID-2243-000009b4 QUESTION 147 Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.) A. same flash memory size B. same NTP configuration C. same DHCP/PPoE configuration D. same host name E. 
same number of interfaces Answer: BE Explanation: Conditions In order to create an HA between 2 FTD devices, these conditions must be met: Same model Same version (this applies to FXOS and to FTD - (major (first number), minor (second number), and maintenance (third number) must be equal)) Same number of interfaces Same type of interfaces Both devices as part of same group/domain in FMC Have identical Network Time Protocol (NTP) configuration Be fully deployed on the FMC without uncommitted changes Be in the same firewall mode: routed or transparent. Note that this must be checked on both FTD devices and FMC GUI since there have been cases where the FTDs had the same mode, but FMC does not reflect this. Get Latest & Actual 300-710 Exam Questions and Answers from PassLeader. 54 https://www.passleader.com/ Does not have DHCP/Point-to-Point Protocol over Ethernet (PPPoE) configured in any of the interface Different hostname (Fully Qualified Domain Name (FQDN)) for both chassis. In order to check the chassis hostname navigate to FTD CLI and run this command. https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699- configure-ftd-high-availability-on-firep.html QUESTION 148 A network administrator is configuring Snort inspection policies and is
