New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

Cisco 300-710 Premium Access     Download Demo    
Page: 8 / 12
Total 385 questions

Refer to the exhibit.

An organization has an access control rule with the intention of sending all social media traffic for inspection After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed What must be done to address this issue?

A.

Modify the selected application within the rule

B.

Change the intrusion policy to connectivity over security.

C.

Modify the rule action from trust to allow

D.

Add the social network URLs to the block list

A network administrator wants to configure a Cisco Secure Firewall Threat Defense instance managed by Cisco Secure Firewall Management Center to block traffic to known cryptomning networks. Which system settings must the administrator configure in Secure Firewall Management Center to meet the requirement?

A.

Access Policy. Security Intelligence

B.

Malware Policy.

C.

Rules Intrusion Policy. Security Intelligence

D.

Access Policy. Rules

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability?

A.

configure high-availability resume

B.

configure high-availability disable

C.

system support network-options

D.

configure high-availability suspend

An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0.1.100 over the non-standard port of 9443 The host the engineer is attempting the connection from is at the IP address of 10.20.10.20. In order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool Which capture configuration should be used to gather the information needed to troubleshoot this issue?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?

A.

The intrusion policy must be disabled for port 80.

B.

The access policy rule must be configured for the action trust.

C.

The NAT policy must be modified to translate the source IP address as well as destination IP address.

D.

The access policy must allow traffic to the internal web server IP address.

An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?

A.

Attacks Risk Report

B.

User Risk Report

C.

Network Risk Report

D.

Advanced Malware Risk Report

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

A.

utilizing a dynamic Access Control Policy that updates from Cisco Talos

B.

utilizing policy inheritance

C.

creating a unique Access Control Policy per device

D.

creating an Access Control Policy with an INSIDE_NET network object and object overrides

A security engineer must add a new policy to block UDP traffic to one server. The engineer adds a new object. Which action must the engineer take next to identify all the UDP ports?

A.

Define the transport protocol and the mandatory port range.

B.

Add the transport number and specify the type and code.

C.

Add the corresponding IP protocol number for UDP and TCP.

D.

Specify the transport protocol and leave the port number empty.

An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

A.

redundant interfaces on the firewall cluster mode and switches

B.

redundant interfaces on the firewall noncluster mode and switches

C.

vPC on the switches to the interface mode on the firewall duster

D.

vPC on the switches to the span EtherChannel on the firewall cluster