300-710 Dumps

300-710 Braindumps

300-710 Real Questions

300-710 Practice Test

300-710 Actual Questions


killexams.com


Cisco


300-710


Securing Networks with Cisco Firepower


https://killexams.com/pass4sure/exam-detail/300-710

Question: 273


When creating a report template, how can the results be limited to show only the activity of a specific subnet?

  1. Create a custom search in Firepower Management Center and select it in each section of the report.

  2. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/I

  1. Add a Table View section to the report with the Search field defined as the network in CIDR format.

  2. Select IP Address as the X-Axis in each section of the report.


Answer: B Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-SystemUserGuide-v5401/Reports.html#87267


Question: 274


Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

  1. The units must be the same version

  2. Both devices can be part of a different group that must be in the same domain when configured within the FM

  1. The units must be different models if they are part of the same series.

  2. The units must be configured only for firewall routed mode.

  3. The units must be the same model.


Answer: AE Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699configure-ftd-high-availability-on-firep.html


Question: 275


Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

  1. a default DMZ policy for which only a user can change the IP addresses.

  2. deny ip any

  3. no policy rule is included

  4. permit ip any


Answer: C


Question: 276


Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

  1. OSPFv2 with IPv6 capabilities

  2. virtual links

  3. SHA authentication to OSPF packets

  4. area boundary router type 1 LSA filtering

  5. MD5 authentication to OSPF packets


Answer: BD Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-configguide- v62/ospf_for_firepower_threat_defense.html


Question: 277


What is the difference between inline and inline tap on Cisco Firepower?

  1. Inline tap mode can send a copy of the traffic to another device.

  2. Inline tap mode does full packet capture.

  3. Inline mode cannot do SSL decryption.

  4. Inline mode can drop malicious traffic.

Answer: D


Question: 278


With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

  1. inline set

  2. passive

  3. routed

  4. inline tap


Answer: B Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide- v64/interface_overview_for_firepower_threat_defense.html


Question: 279


Which two deployment types support high availability? (Choose two.)

  1. transparent

  2. routed

  3. clustered

  4. intra-chassis multi-instance

  5. virtual appliance in public cloud


Answer: AB Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config guide-v61/firepower_threat_defense_high_availability.html

Question: 280


Which two actions can be used in an access control policy rule? (Choose two.)

  1. Block with Reset

  2. Monitor

  3. Analyze

  4. Discover

  5. Block ALL


Answer: AB Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asafirepower-module-user-guide-v541/AC-Rules- Tuning-Overview.html#71854


Question: 281


Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

  1. The BVI IP address must be in a separate subnet from the connected network.

  2. Bridge groups are supported in both transparent and routed firewall modes.

  3. Bridge groups are supported only in transparent firewall mode.

  4. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

  5. Each directly connected network must be on the same subnet.


Answer: CD

Explanation:


Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-configguide- v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html


Question: 282


Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

  1. BGPv6

  2. ECMP with up to three equal cost paths across multiple interfaces

  3. ECMP with up to three equal cost paths across a single interface

  4. BGPv4 in transparent firewall mode

  5. BGPv4 with nonstop forwarding


Answer: AC Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-configguide-v601/fpmc-config-guide- v60_chapter_01100011.html#ID-2101-0000000e


Question: 283


Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

  1. configure manager local 10.0.0.10 Cisco123

  2. configure manager add Cisco123 10.0.0.10

  3. configure manager local Cisco123 10.0.0.10

  4. configure manager add 10.0.0.10 Cisco123


Answer: D Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmtnw.html#id_106101


Question: 284


On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

  1. transparent inline mode

  2. TAP mode

  3. strict TCP enforcement

  4. propagate link state


Answer: D Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide- v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html


Question: 285


Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

  1. EIGRP

  2. OSPF

  3. static routing

  4. IS-IS

  5. BGP


Answer: CE

Explanation:


Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/ fptd-fdm-routing.html


Question: 286


Which protocol establishes network redundancy in a switched Firepower device deployment?

  1. STP

  2. HSRP

  3. GLBP

  4. VRRP


Answer: A Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-configguide- v62/firepower_threat_defense_high_availability.html


Question: 287


What is a result of enabling Cisco FTD clustering?

  1. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

  2. Integrated Routing and Bridging is supported on the master unit.

  3. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

  4. All Firepower appliances can support Cisco FTD clustering.


Answer: C Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide- v64/clustering_for_the_firepower_threat_defense.html


Question: 288


Which interface type allows packets to be dropped?

  1. passive

  2. inline

  3. ERSPAN

  4. TAP


Answer: B Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuringfirepower-threat-defense-int.html


Question: 289


What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

  1. VPN connections can be re-established only if the failed master unit recovers.

  2. Smart License is required to maintain VPN connections simultaneously across all cluster units.

  3. VPN connections must be re-established when a new master unit is elected.

  4. Only established VPN connections are maintained when a new master unit is elected.


Answer: C Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-clustersolution.html#concept_g32_yml_y2b


6$03/( 48(67,216


7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV


.LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP



$FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP


([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP


3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV


*XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV


8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV


7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\


'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU

.LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG