Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

Cisco 300-710 Premium Access     Download Demo    
Page: 6 / 10
Total 376 questions

An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?

A.

Modify the custom detection list to exclude me custom application.

B.

Preculculate the hash value of the custom application and add it to the allowed applications.

C.

Configure the custom application to use the information-store paths.

D.

Add the custom application to the DFC 1st and update the policy.

Cisco Security Analytics and Logging SaaS licenses come with how many days of data retention by default?

A.

60

B.

365

C.

90

D.

120

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair.

Which configuration must be changed before setting up the high availability pair?

A.

An IP address in the same subnet must be added to each Cisco FTD on the interface.

B.

The interface name must be removed from the interface on each Cisco FTD.

C.

The name Failover must be configured manually on the interface on each cisco FTD.

D.

The interface must be configured as part of a LACP Active/Active EtherChannel.

A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?

A.

Configure a second circuit to an ISP for added redundancy

B.

Keep a copy of the current configuration to use as backup

C.

Configure the Cisco FMCs for failover

D.

Configure the Cisco FMC managed devices for clustering.

An engineer is implementing a new Cisco Secure Firewall. The firewall must filler traffic between the three subnets:

• LAN 192.168.101.0724

• DMZ 192.168 200.0/24

• WAN 10.0.0.0/30

Which firewall mode must the engineer implement?

A.

transparent

B.

network

C.

routed

D.

gateway

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192 168.100.100 has the MAC address of 0042 7734.103 to help troubleshoot aconnectivity issue What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

A.

-nm src 192.168.100.100

B.

-ne src 192.168.100.100

C.

-w capture.pcap -s 1518 host 192.168.100.100 mac

D.

-w capture.pcap -s 1518 host 192.168.100.100 ether

Refer to the exhibit. An engineer analyzes a Network Risk Report from Cisco Secure Firewall Management Center. What should the engineer recommend implementing to mitigate the risk?

A.

IP address and URL blacklisting

B.

Trend analysis

C.

Network-based detection

D.

Virtual protection

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

A.

Only the UDP packet type is supported.

B.

The output format option for the packet logs is unavailable.

C.

The destination MAC address is optional if a VLAN ID value is entered.

D.

The VLAN ID and destination MAC address are optional.

An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not …. by performance issues after deploying the access control policy Which access control Action rule must be configured to handle the VoIP traffic?

A.

monitor

B.

trust

C.

block

D.

allow

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

A.

utilizing a dynamic Access Control Policy that updates from Cisco Talos

B.

utilizing policy inheritance

C.

creating a unique Access Control Policy per device

D.

creating an Access Control Policy with an INSIDE_NET network object and object overrides