300-710 Dumps
killexams.com
Securing Networks with Cisco Firepower
https://killexams.com/pass4sure/exam-detail/300-710
Question: 273
When creating a report template, how can the results be limited to show only the activity of a specific subnet?
A. Create a custom search in Firepower Management Center and select it in each section of the report.
B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/I
C. Add a Table View section to the report with the Search field defined as the network in CIDR format.
D. Select IP Address as the X-Axis in each section of the report.
Answer: B
Question: 274
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
A. The units must be the same version
B. Both devices can be part of a different group that must be in the same domain when configured within the FM
C. The units must be different models if they are part of the same series.
D. The units must be configured only for firewall routed mode.
E. The units must be the same model.
Answer: AE
Question: 275
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
A. a default DMZ policy for which only a user can change the IP addresses.
B. deny ip any
C. no policy rule is included
D. permit ip any
Answer: C
Question: 276
Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)
A. OSPFv2 with IPv6 capabilities
B. virtual links
C. SHA authentication to OSPF packets
D. area boundary router type 1 LSA filtering
E. MD5 authentication to OSPF packets
Answer: BD
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/ospf_for_firepower_threat_defense.html
Question: 277
What is the difference between inline and inline tap on Cisco Firepower?
A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.
Answer: D
Question: 278
With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. inline set
B. passive
C. routed
D. inline tap
Answer: B
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html
Question: 279
Which two deployment types support high availability? (Choose two.)
A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud
Answer: AB
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html
Question: 280
Which two actions can be used in an access control policy rule? (Choose two.)
A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL
Answer: AB
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-Tuning-Overview.html#71854
Question: 281
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
A. The BVI IP address must be in a separate subnet from the connected network.
B. Bridge groups are supported in both transparent and routed firewall modes.
C. Bridge groups are supported only in transparent firewall mode.
D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
E. Each directly connected network must be on the same subnet.
Answer: CD
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html
Question: 282
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. BGPv6
B. ECMP with up to three equal cost paths across multiple interfaces
C. ECMP with up to three equal cost paths across a single interface
D. BGPv4 in transparent firewall mode
E. BGPv4 with nonstop forwarding
Answer: AC
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01100011.html#ID-2101-0000000e
Question: 283
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123
Answer: D
Question: 284
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state
Answer: D
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html
Question: 285
Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
Answer: CE
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html
Question: 286
Which protocol establishes network redundancy in a switched Firepower device deployment?
A. STP
B. HSRP
C. GLBP
D. VRRP
Answer: A
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html
Question: 287
What is a result of enabling Cisco FTD clustering?
A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.
Answer: C
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/clustering_for_the_firepower_threat_defense.html
Question: 288
Which interface type allows packets to be dropped?
A. passive
B. inline
C. ERSPAN
D. TAP
Answer: B
Question: 289
What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?
A. VPN connections can be re-established only if the failed master unit recovers.
B. Smart License is required to maintain VPN connections simultaneously across all cluster units.
C. VPN connections must be re-established when a new master unit is elected.
D. Only established VPN connections are maintained when a new master unit is elected.
Answer: C