New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

Cisco 300-710 Premium Access     Download Demo    
Page: 7 / 12
Total 385 questions

A network administrator is deploying a new Cisco Secure Firewall Threat Defense (FTD) firewall After Cisco Secure FTD is deployed, inside clients nave intermittent connectivity to each other. When … the packet capture on the Secure FTD firewall, the administrator sees that Secure FID is responding to all the AW requests on the inside network. Which action must the network administrator e to resolve the issue''

A.

Review NAT policy and disable incorrect proxy ARP configuration.

B.

Hardcode the MAC address of the FTD to IP mapping on client machines.

C.

Review the access policy and verify that ARP is allowed from inside to inside.

D.

Convert the FTD to transparent mode to allow ARP requests.

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

A.

in active/active mode

B.

in a cluster span EtherChannel

C.

in active/passive mode

D.

in cluster interface mode

An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?

A.

Add the NetFlow_Send_Destination object to the configuration

B.

Create a Security Intelligence object to send the data to Cisco Stealthwatch

C.

Create a service identifier to enable the NetFlow service

D.

Add the NetFlow_Add_Destination object to the configuration

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

A.

Modify the system-provided block page result using Python.

B.

Create HTML code with the information for the policies and procedures.

C.

Edit the HTTP request handling in the access control policy to customized block.

D.

Write CSS code with the information for the policies and procedures.

E.

Change the HTTP response in the access control policy to custom.

Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

A.

EIGRP

B.

OSPF

C.

static routing

D.

IS-IS

E.

BGP

A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?

A.

Shut down the Cisco FMC before powering up the replacement unit.

B.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.

C.

Unregister the faulty Cisco FTD device from the Cisco FMC

D.

Shut down the active Cisco FTD device before powering up the replacement unit.

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?

A.

interface-based VLAN switching

B.

inter-chassis clustering VLAN

C.

integrated routing and bridging

D.

Cisco ISE Security Group Tag

A network administrator is implementing an active/passive high availability Cisco FTD pair.

When adding the high availability pair, the administrator cannot select the secondary peer.

What is the cause?

A.

The second Cisco FTD is not the same model as the primary Cisco FTD.

B.

An high availability license must be added to the Cisco FMC before adding the high availability pair.

C.

The failover link must be defined on each Cisco FTD before adding the high availability pair.

D.

Both Cisco FTD devices are not at the same software Version

An engineer is configuring Cisco Security Devices by using Cisco Secure Firewall Management Center. Which configuration command must be run to compare the CA certificate bundle on the local system to the latest CA bundle from the Cisco server?

A.

configure cert-update compare

B.

configure cert-update auto-update enable

C.

configure cert-update run-now

D.

configure cert-update test

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

A.

Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

B.

Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

C.

Use the packet tracer tool to determine at which hop the packet is being dropped.

D.

Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.