Summer Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Cisco 300-710 Securing Networks with Cisco Firepower (300-710 SNCF) Exam Practice Test

Page: 1 / 38
Total 376 questions

Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Question 1

What is a behavior of a Cisco FMC database purge?

Options:

A.

User login and history data are removed from the database if the User Activity check box is selected.

B.

Data can be recovered from the device.

C.

The appropriate process is restarted.

D.

The specified data is removed from Cisco FMC and kept for two weeks.

Question 2

Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

Options:

A.

rate-limiting

B.

suspending

C.

correlation

D.

thresholding

Question 3

What is a functionality of port objects in Cisco FMC?

Options:

A.

to mix transport protocols when setting both source and destination port conditions in a rule

B.

to represent protocols other than TCP, UDP, and ICMP

C.

to represent all protocols in the same way

D.

to add any protocol other than TCP or UDP for source port conditions in access control rules.

Question 4

Which two packet captures does the FTD LINA engine support? (Choose two.)

Options:

A.

Layer 7 network ID

B.

source IP

C.

application ID

D.

dynamic firewall importing

E.

protocol

Question 5

How many report templates does the Cisco Firepower Management Center support?

Options:

A.

20

B.

10

C.

5

D.

unlimited

Question 6

Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?

Options:

A.

show running-config

B.

show tech-support chassis

C.

system support diagnostic-cli

D.

sudo sf_troubleshoot.pl

Question 7

Which group within Cisco does the Threat Response team use for threat analysis and research?

Options:

A.

Cisco Deep Analytics

B.

OpenDNS Group

C.

Cisco Network Response

D.

Cisco Talos

Question 8

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

Question # 8

Options:

Question 9

Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

Options:

A.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re- apply the policies after registration is completed.

B.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

C.

No option to delete and re-add a device is available in the Cisco FMC web interface.

D.

The Cisco FMC web interface prompts users to re-apply access control policies.

E.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Question 10

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

Options:

A.

/etc/sf/DCMIB.ALERT

B.

/sf/etc/DCEALERT.MIB

C.

/etc/sf/DCEALERT.MIB

D.

system/etc/DCEALERT.MIB

Question 11

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

Options:

A.

system support firewall-engine-debug

B.

system support ssl-debug

C.

system support platform

D.

system support dump-table

Question 12

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

Options:

A.

configure coredump packet-engine enable

B.

capture-traffic

C.

capture

D.

capture WORD

Question 13

Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

Options:

A.

system generate-troubleshoot

B.

show configuration session

C.

show managers

D.

show running-config | include manager

Question 14

Which CLI command is used to control special handling of ClientHello messages?

Options:

A.

system support ssl-client-hello-tuning

B.

system support ssl-client-hello-display

C.

system support ssl-client-hello-force-reset

D.

system support ssl-client-hello-enabled

Question 15

Which command-line mode is supported from the Cisco Firepower Management Center CLI?

Options:

A.

privileged

B.

user

C.

configuration

D.

admin

Question 16

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability?

Options:

A.

configure high-availability resume

B.

configure high-availability disable

C.

system support network-options

D.

configure high-availability suspend

Question 17

Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?

Options:

A.

Child domains can view but not edit dashboards that originate from an ancestor domain.

B.

Child domains have access to only a limited set of widgets from ancestor domains.

C.

Only the administrator of the top ancestor domain can view dashboards.

D.

Child domains cannot view dashboards that originate from an ancestor domain.

Question 18

What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

Options:

A.

1024

B.

8192

C.

4096

D.

2048

Question 19

A network engineer is configuring URL Filtering on Firepower Threat Defense. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)

Options:

A.

outbound port TCP/443

B.

inbound port TCP/80

C.

outbound port TCP/8080

D.

inbound port TCP/443

E.

outbound port TCP/80

Question 20

Which command must be run to generate troubleshooting files on an FTD?

Options:

A.

system support view-files

B.

sudo sf_troubleshoot.pl

C.

system generate-troubleshoot all

D.

show tech-support

Question 21

What is the benefit of selecting the trace option for packet capture?

Options:

A.

The option indicates whether the packet was dropped or successful.

B.

The option indicated whether the destination host responds through a different path.

C.

The option limits the number of packets that are captured.

D.

The option captures details of each packet.

Question 22

Within Cisco Firepower Management Center, where does a user add or modify widgets?

Options:

A.

dashboard

B.

reporting

C.

context explorer

D.

summary tool

Question 23

When do you need the file-size command option during troubleshooting with packet capture?

Options:

A.

when capture packets are less than 16 MB

B.

when capture packets are restricted from the secondary memory

C.

when capture packets exceed 10 GB

D.

when capture packets exceed 32 MB

Question 24

Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

Options:

A.

a default DMZ policy for which only a user can change the IP addresses.

B.

deny ip any

C.

no policy rule is included

D.

permit ip any

Question 25

An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?

Options:

A.

Add a native instance to distribute traffic to each Cisco FTD context.

B.

Add the Cisco FTD device to the Cisco ASA port channels.

C.

Configure a container instance in the Cisco FTD for each context in the Cisco ASA.

D.

Configure the Cisco FTD to use port channels spanning multiple networks.

Question 26

What are two application layer preprocessors? (Choose two.)

Options:

A.

CIFS

B.

IMAP

C.

SSL

D.

DNP3

E.

ICMP

Question 27

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

Options:

A.

Configure an IPS policy and enable per-rule logging.

B.

Disable the default IPS policy and enable global logging.

C.

Configure an IPS policy and enable global logging.

D.

Disable the default IPS policy and enable per-rule logging.

Question 28

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?

Options:

A.

inline tap monitor-only mode

B.

passive monitor-only mode

C.

passive tap monitor-only mode

D.

inline mode

Question 29

Which protocol establishes network redundancy in a switched Firepower device deployment?

Options:

A.

STP

B.

HSRP

C.

GLBP

D.

VRRP

Question 30

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Options:

A.

Create a firewall rule to allow CDP traffic.

B.

Create a bridge group with the firewall interfaces.

C.

Change the firewall mode to transparent.

D.

Change the firewall mode to routed.

Question 31

A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?

Options:

A.

Shut down the Cisco FMC before powering up the replacement unit.

B.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.

C.

Unregister the faulty Cisco FTD device from the Cisco FMC

D.

Shut down the active Cisco FTD device before powering up the replacement unit.

Question 32

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

Options:

A.

active/active failover

B.

transparent

C.

routed

D.

high availability clustering

Question 33

What are the minimum requirements to deploy a managed device inline?

Options:

A.

inline interfaces, security zones, MTU, and mode

B.

passive interface, MTU, and mode

C.

inline interfaces, MTU, and mode

D.

passive interface, security zone, MTU, and mode

Question 34

Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

Options:

A.

EIGRP

B.

OSPF

C.

static routing

D.

IS-IS

E.

BGP

Question 35

On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

Options:

A.

transparent inline mode

B.

TAP mode

C.

strict TCP enforcement

D.

propagate link state

Question 36

With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

Options:

A.

inline set

B.

passive

C.

routed

D.

inline tap

Question 37

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

Options:

A.

in active/active mode

B.

in a cluster span EtherChannel

C.

in active/passive mode

D.

in cluster interface mode

Question 38

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

Options:

A.

Deploy the firewall in transparent mode with access control policies.

B.

Deploy the firewall in routed mode with access control policies.

C.

Deploy the firewall in routed mode with NAT configured.

D.

Deploy the firewall in transparent mode with NAT configured.

Question 39

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?

Options:

A.

Specify the BVl IP address as the default gateway for connected devices.

B.

Enable routing on the Cisco Firepower

C.

Add an IP address to the physical Cisco Firepower interfaces.

D.

Configure a bridge group in transparent mode.

Question 40

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

Options:

A.

same flash memory size

B.

same NTP configuration

C.

same DHCP/PPoE configuration

D.

same host name

E.

same number of interfaces

Question 41

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

Options:

A.

The units must be the same version

B.

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

C.

The units must be different models if they are part of the same series.

D.

The units must be configured only for firewall routed mode.

E.

The units must be the same model.

Question 42

What is a result of enabling Cisco FTD clustering?

Options:

A.

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

B.

Integrated Routing and Bridging is supported on the master unit.

C.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

D.

All Firepower appliances can support Cisco FTD clustering.

Question 43

What is the difference between inline and inline tap on Cisco Firepower?

Options:

A.

Inline tap mode can send a copy of the traffic to another device.

B.

Inline tap mode does full packet capture.

C.

Inline mode cannot do SSL decryption.

D.

Inline mode can drop malicious traffic.

Question 44

Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

Options:

A.

span EtherChannel clustering

B.

redundant interfaces

C.

high availability active/standby firewalls

D.

multi-instance firewalls

Question 45

Which interface type allows packets to be dropped?

Options:

A.

passive

B.

inline

C.

ERSPAN

D.

TAP

Question 46

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?

Options:

A.

prefilter

B.

intrusion

C.

identity

D.

URL filtering

Question 47

What is a valid Cisco AMP file disposition?

Options:

A.

non-malicious

B.

malware

C.

known-good

D.

pristine

Question 48

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

Options:

A.

application blocking

B.

simple custom detection

C.

file repository

D.

exclusions

E.

application whitelisting

Question 49

Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?

Options:

A.

Add the malicious file to the block list.

B.

Send a snapshot to Cisco for technical support.

C.

Forward the result of the investigation to an external threat-analysis engine.

D.

Wait for Cisco Threat Response to automatically block the malware.

Question 50

Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)

Options:

A.

dynamic null route configured

B.

DHCP pool disablement

C.

quarantine

D.

port shutdown

E.

host shutdown

Question 51

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

Options:

A.

pxGrid

B.

FTD RTC

C.

FMC RTC

D.

ISEGrid

Question 52

In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?

Options:

A.

unavailable

B.

unknown

C.

clean

D.

disconnected

Question 53

What is the maximum SHA level of filtering that Threat Intelligence Director supports?

Options:

A.

SHA-1024

B.

SHA-4096

C.

SHA-512

D.

SHA-256

Question 54

Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?

Options:

A.

Windows domain controller

B.

audit

C.

triage

D.

protection

Question 55

Refer to the exhibit.

What must be done to fix access to this website while preventing the same communication to all other websites?

Options:

A.

Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1 50.

B.

Create an access control policy rule to allow port 80 to only 172.1.1 50.

C.

Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50

D.

Create an access control policy rule to allow port 443 to only 172.1.1 50

Question 56

An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?

Options:

A.

interface object to export NetFlow

B.

security intelligence object for NetFlow

C.

flexconfig object for NetFlow

D.

variable set object for NetFlow

Question 57

Network users experience issues when accessing a server on a different network segment. An engineer investigates the issue by performing packet capture on Cisco Secure Firewall Threat Defense. The engineer expects more data and suspects that not all the traffic was collected during a 15-minute can’t captured session. Which action must the engineer take to resolve the issue?

Options:

A.

Forward the captured data lo an FTP server

B.

Increase the amount of RAM allocated for the capture.

C.

Provide a file name to save the data.

D.

Ensure that the allocated memory is sufficient.

Question 58

An administrator must fix a network problem whereby traffic from the inside network to a webserver is not getting through an instance of Cisco Secure Firewall Threat Defense. Which command must the administrator use to capture packets to the webserver that are dropped by Secure Firewall Throat Defense and resold the issue?

Options:

A.

capture CAP int OUTSIDE match ip any host WEBSERVERIP

B.

capture CAP type asp-drop all headers-only

C.

capture CAP int INSIDE match ip any host WEBSERVERIP

D.

capture CAP int INSIDE match tcp any 80 host WEBSERVERlP 80

Question 59

Refer to the exhibit.

Question # 59

And engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network How is the Firepower configuration updated to protect these new operating systems?

Options:

A.

Cisco Firepower automatically updates the policies.

B.

The administrator requests a Remediation Recommendation Report from Cisco Firepower

C.

Cisco Firepower gives recommendations to update the policies.

D.

The administrator manually updates the policies.

Question 60

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

Options:

A.

Malware Report

B.

Host Report

C.

Firepower Report

D.

Network Report

Question 61

Refer to the exhibit.

Question # 61

An organization has an access control rule with the intention of sending all social media traffic for inspection After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed What must be done to address this issue?

Options:

A.

Modify the selected application within the rule

B.

Change the intrusion policy to connectivity over security.

C.

Modify the rule action from trust to allow

D.

Add the social network URLs to the block list

Question 62

A network administrator is troubleshooting access to a website hosted behind a Cisco FTD device External clients cannot access the web server via HTTPS The IP address configured on the web server is 192 168 7.46 The administrator is running the command capture CAP interface outside match ip any 192.168.7.46 255.255.255.255 but cannot see any traffic in the capture Why is this occurring?

Options:

A.

The capture must use the public IP address of the web server.

B.

The FTD has no route to the web server.

C.

Theaccess policy is blocking the traffic.

D.

The packet capture shows only blocked traffic

Question 63

Which two routing options are valid with Cisco FTD? (Choose Two)

Options:

A.

BGPv6

B.

ECMP with up to three equal cost paths across multiple interfaces

C.

ECMP with up to three equal cost paths across a single interface

D.

BGPv4 in transparent firewall mode

E.

BGPv4 with nonstop forwarding

Question 64

There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic What is a result of enabling TLS'SSL decryption to allow this visibility?

Options:

A.

It prompts the need for a corporate managed certificate

B.

It has minimal performance impact

C.

It is not subject to any Privacy regulations

D.

It will fail if certificate pinning is not enforced

Question 65

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

Options:

A.

Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

B.

Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

C.

There is a host limit set.

D.

The user agent status is set to monitor.

Question 66

Question # 66

Question # 66

Refer to the exhibit. A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

Options:

A.

Block Internet Explorer.

B.

Block NetBIOS.

C.

Inspect TCP port 80 traffic.

D.

Inspect DNS traffic.

Question 67

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?

Options:

A.

switch virtual

B.

bridge group member

C.

bridge virtual

D.

subinterface

Question 68

When an engineer captures traffic on a Cisco FTD to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the Captures this way is time-consuming and difficult lo son and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this type of analysis?

Options:

A.

NetFlow v9

B.

PCAP

C.

NetFlow v5

D.

IPFIX

Question 69

An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?

Options:

A.

Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.

B.

Configure high-availability in both the primary and secondary Cisco FMCs.

C.

Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.

D.

Place the active Cisco FMC device on the same trusted management network as the standby device.

Question 70

Which Cisco Firepower rule action displays an HTTP warning page?

Options:

A.

Monitor

B.

Block

C.

Interactive Block

D.

Allow with Warning

Question 71

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:

A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

Question 72

An engineer is using the configure manager add Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why Is this occurring?

Options:

A.

The NAT ID is required since the Cisco FMC is behind a NAT device.

B.

The IP address used should be that of the Cisco FTD. not the Cisco FMC.

C.

DONOTRESOLVE must be added to the command

D.

The registration key is missing from the command

Question 73

Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

Options:

A.

BGPv6

B.

ECMP with up to three equal cost paths across multiple interfaces

C.

ECMP with up to three equal cost paths across a single interface

D.

BGPv4 in transparent firewall mode

E.

BGPv4 with nonstop forwarding

Question 74

Which object type supports object overrides?

Options:

A.

time range

B.

security group tag

C.

network object

D.

DNS server group

Question 75

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

Options:

A.

The rate-limiting rule is disabled.

B.

Matching traffic is not rate limited.

C.

The system rate-limits all traffic.

D.

The system repeatedly generates warnings.

Question 76

In which two places can thresholding settings be configured? (Choose two.)

Options:

A.

on each IPS rule

B.

globally, within the network analysis policy

C.

globally, per intrusion policy

D.

on each access control rule

E.

per preprocessor, within the network analysis policy

Question 77

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

Options:

A.

The interfaces are being used for NAT for multiple networks.

B.

The administrator is adding interfaces of multiple types.

C.

The administrator is adding an interface that is in multiple zones.

D.

The interfaces belong to multiple interface groups.

Question 78

Which two actions can be used in an access control policy rule? (Choose two.)

Options:

A.

Block with Reset

B.

Monitor

C.

Analyze

D.

Discover

E.

Block ALL

Question 79

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

Options:

A.

Modify the Cisco ISE authorization policy to deny this access to the user.

B.

Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.

C.

Add the unknown user in the Access Control Policy in Cisco FTD.

D.

Add the unknown user in the Malware & File Policy in Cisco FTD.

Question 80

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

Options:

A.

Modify the system-provided block page result using Python.

B.

Create HTML code with the information for the policies and procedures.

C.

Edit the HTTP request handling in the access control policy to customized block.

D.

Write CSS code with the information for the policies and procedures.

E.

Change the HTTP response in the access control policy to custom.

Question 81

Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choosetwo.)

Options:

A.

OSPFv2 with IPv6 capabilities

B.

virtual links

C.

SHA authentication to OSPF packets

D.

area boundary router type 1 LSA filtering

E.

MD5 authentication to OSPF packets

Question 82

A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?

Options:

A.

Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.

B.

Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.

C.

Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.

D.

Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

Question 83

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

Options:

A.

FlexConfig

B.

BDI

C.

SGT

D.

IRB

Question 84

A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown. What is the cause of this issue?

Options:

A.

The malware license has not been applied to the Cisco FTD.

B.

The Cisco FMC cannot reach the Internet to analyze files.

C.

A file policy has not been applied to the access policy.

D.

Only Spero file analysis is enabled.

Question 85

In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)

Options:

A.

Traffic inspection can be interrupted temporarily when configuration changes are deployed.

B.

The system performs intrusion inspection followed by file inspection.

C.

They can block traffic based on Security Intelligence data.

D.

File policies use an associated variable set to perform intrusion prevention.

E.

The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

Question 86

A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?

Options:

A.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

B.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

C.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

D.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Question 87

Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

Options:

A.

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

B.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

C.

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

D.

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

E.

reputation-based objects, such as URL categories

Question 88

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configurationchange must be made to alleviate this issue?

Options:

A.

Leave default networks.

B.

Change the method to TCP/SYN.

C.

Increase the number of entries on the NAT device.

D.

Exclude load balancers and NAT devices.

Question 89

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?

Options:

A.

interface-based VLAN switching

B.

inter-chassis clustering VLAN

C.

integrated routing and bridging

D.

Cisco ISE Security Group Tag

Question 90

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

Options:

A.

VPN connections can be re-established only if the failed master unit recovers.

B.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

C.

VPN connections must be re-established when a new master unit is elected.

D.

Only established VPN connections are maintained when a new master unit is elected.

Question 91

When creating a report template, how can the results be limited to show only the activity of a specific subnet?

Options:

A.

Create a custom search in Firepower Management Center and select it in each section of the report.

B.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

C.

Add a Table View section to the report with the Search field defined as the network in CIDR format.

D.

Select IP Address as the X-Axis in each section of the report.

Page: 1 / 38
Total 376 questions