
Cisco 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

Total 385 questions

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

A. Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.

B. The interfaces disable autonegotiation and interface speed is hard coded to 1000 Mbps.

C. Allows traffic inspection to continue without interruption during the Snort process restart.

D. The interfaces are automatically configured as a media-independent interface crossover.

A network engineer must configure the cabling between a Cisco Secure Firewall Threat Defense appliance and a network so the Secure Firewall Threat Defense appliance performs inline to analyze and tune generated intrusion events before going live. Which Secure Firewall Threat Defense interface mode must the engineer use?

A. bypass

B. link state propagation

C. tap mode

D. strict TCP enforcement

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

A. Deploy the firewall in transparent mode with access control policies.

B. Deploy the firewall in routed mode with access control policies.

C. Deploy the firewall in routed mode with NAT configured.

D. Deploy the firewall in transparent mode with NAT configured.

What is the maximum SHA level of filtering that Threat Intelligence Director supports?

A. SHA-1024

B. SHA-4096

C. SHA-512

D. SHA-256

A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database. Which action must be taken to accomplish this task?

A. Change the network discovery method to TCP/SYN.

B. Configure NetFlow exporters for monitored networks.

C. Monitor only the default IPv4 and IPv6 network ranges.

D. Exclude load balancers and NAT devices in the policy.

A security engineer must configure policies for a recently deployed Cisco FTD. The security policy for the company dictates that when five or more connections from external sources are initiated within 2 minutes, there is cause for concern. Which type of policy must be configured in Cisco FMC to generate an alert when this condition is triggered?

A. application detector

B. access control

C. intrusion

D. correlation

An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?

A. Source or destination security zones in the access control rule match the security zones that are associated with interfaces on the target devices.

B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.

C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.

D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.

An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

A. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.

B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.

C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.

D. Tune the intrusion policies in order to allow the VPN traffic through without inspection.

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

A. Only the UDP packet type is supported.

B. The output format option for the packet logs is unavailable.

C. The destination MAC address is optional if a VLAN ID value is entered.

D. The VLAN ID and destination MAC address are optional.

Refer to the exhibit.

What must be done to fix access to this website while preventing the same communication to all other websites?

A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.

B. Create an access control policy rule to allow port 80 to only 172.1.1.50.

C. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.

D. Create an access control policy rule to allow port 443 to only 172.1.1.50.