• Home
  • Articles
  • 300-710 Braindumps PDF, Cisco 300-710 Exam Cram [Q38-Q63]

300-710 Braindumps PDF, Cisco 300-710 Exam Cram [Q38-Q63]

Share

300-710 Braindumps PDF, Cisco 300-710 Exam Cram

New 2021 300-710 Sample Questions Reliable 300-710 Test Engine

NEW QUESTION 38
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)

  • A. File policies use an associated variable set to perform intrusion prevention.
  • B. They can block traffic based on Security Intelligence data.
  • C. Traffic inspection can be interrupted temporarily when configuration changes are deployed.
  • D. The system performs intrusion inspection followed by file inspection.
  • E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

Answer: B,C

Explanation:
Section: Configuration
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Access_Control_Using_Intrusion_and_File_Policies.html

 

NEW QUESTION 39
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?

  • A. Current Status
  • B. Current Sessions
  • C. Custom Analysis
  • D. Correlation Events

Answer: C

 

NEW QUESTION 40
Which two conditions are necessary for high availability to function between two Cisco FTD devices?
(Choose two.)

  • A. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
  • B. The units must be different models if they are part of the same series.
  • C. The units must be the same model.
  • D. The units must be configured only for firewall routed mode.
  • E. The units must be the same version

Answer: C,E

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

 

NEW QUESTION 41
Which command must be run to generate troubleshooting files on an FTD?

  • A. show tech-support
  • B. sudo sf_troubleshoot.pl
  • C. system generate-troubleshoot all
  • D. system support view-files

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/sourcefire-defense-center/117663-technote-SourceFire-00.html

 

NEW QUESTION 42
Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

  • A. FlexConfig
  • B. BDI
  • C. IRB
  • D. SGT

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/ Firepower_System_Release_Notes_Version_620/new_features_and_functionality.html

 

NEW QUESTION 43
Which action should be taken after editing an object that is used inside an access control policy?

  • A. Refresh the Cisco FMC GUI for the access control policy.
  • B. Delete the existing object in use.
  • C. Create another rule using a different object name.
  • D. Redeploy the updated configuration.

Answer: D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config- guide-v63/reusable_objects.html

 

NEW QUESTION 44
Refer to the exhibit.

And engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network How is the Firepower configuration updated to protect these new operating systems?

  • A. The administrator requests a Remediation Recommendation Report from Cisco Firepower
  • B. The administrator manually updates the policies.
  • C. Cisco Firepower automatically updates the policies.
  • D. Cisco Firepower gives recommendations to update the policies.

Answer: D

Explanation:
Explanation
Ref:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Tailori

 

NEW QUESTION 45
Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?

  • A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
  • B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
  • C. Create an access control policy rule to allow port 80 to only 172.1.1.50.
  • D. Create an access control policy rule to allow port 443 to only 172.1.1.50.

Answer: C

 

NEW QUESTION 46
Which two deployment types support high availability? (Choose two.)

  • A. virtual appliance in public cloud
  • B. intra-chassis multi-instance
  • C. transparent
  • D. clustered
  • E. routed

Answer: C,E

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

 

NEW QUESTION 47
A network engineer is receiving reports of users randomly getting disconnected from their corporate applications which traverses the data center FTD appliance Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?

  • A. Use the Packet Capture feature to collect real-time network traffic
  • B. Use the Packet Analysis feature for capturing network data
  • C. Use the Packet Tracer feature for traffic policy analysis
  • D. Use the Packet Export feature to save data onto external drives

Answer: A

 

NEW QUESTION 48
The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

  • A. file analysis
  • B. prevalence
  • C. threat root cause
  • D. vulnerable software

Answer: A

 

NEW QUESTION 49
An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

  • A. The backup file is not in .cfg format.
  • B. The backup file extension was changed from tar to zip
  • C. The backup file was not enabled prior to being applied
  • D. The backup file is too large for the Cisco FTD device

Answer: B

 

NEW QUESTION 50
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

  • A. redundant interfaces on the firewall noncluster mode and switches
  • B. vPC on the switches to the span EtherChannel on the firewall cluster
  • C. redundant interfaces on the firewall cluster mode and switches
  • D. vPC on the switches to the interface mode on the firewall duster

Answer: B

 

NEW QUESTION 51
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

  • A. The interfaces belong to multiple interface groups.
  • B. The administrator is adding an interface that is in multiple zones.
  • C. The interfaces are being used for NAT for multiple networks.
  • D. The administrator is adding interfaces of multiple types.

Answer: A

 

NEW QUESTION 52
An organization has seen a lot of traffic congestion on their links going out to the internet There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?

  • A. Create a QoS policy rate-limiting high bandwidth applications
  • B. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses
  • C. Create a flexconfig policy to use WCCP for application aware bandwidth limiting
  • D. Create a VPN policy so that direct tunnels are established to the business applications

Answer: A

 

NEW QUESTION 53
Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

  • A. plus
  • B. apex
  • C. base
  • D. mobility

Answer: A

 

NEW QUESTION 54
Which two deployment types support high availability? (Choose two.)

  • A. virtual appliance in public cloud
  • B. intra-chassis multi-instance
  • C. transparent
  • D. clustered
  • E. routed

Answer: C,E

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config- guide-v61/firepower_threat_defense_high_availability.html

 

NEW QUESTION 55
There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic What is a result of enabling TLS'SSL decryption to allow this visibility?

  • A. It has minimal performance impact
  • B. It is not subject to any Privacy regulations
  • C. It will fail if certificate pinning is not enforced
  • D. It prompts the need for a corporate managed certificate

Answer: D

 

NEW QUESTION 56
What are the minimum requirements to deploy a managed device inline?

  • A. passive interface, MTU, and mode
  • B. inline interfaces, MTU, and mode
  • C. inline interfaces, security zones, MTU, and mode
  • D. passive interface, security zone, MTU, and mode

Answer: B

 

NEW QUESTION 57
Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?

  • A. audit
  • B. Windows domain controller
  • C. triage
  • D. protection

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/214933-amp-for-endpoints- deployment-methodology.html

 

NEW QUESTION 58
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

  • A. utilizing policy inheritance
  • B. creating a unique Access Control Policy per device
  • C. creating an Access Control Policy with an INSIDE_NET network object and object overrides
  • D. utilizing a dynamic Access Control Policy that updates from Cisco Talos

Answer: C

 

NEW QUESTION 59
Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

  • A. multi-instance firewalls
  • B. redundant interfaces
  • C. span EtherChannel clustering
  • D. high availability active/standby firewalls

Answer: A

 

NEW QUESTION 60
Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

  • A. FTD RTC
  • B. ISEGrid
  • C. FMC RTC
  • D. pxGrid

Answer: D

 

NEW QUESTION 61
Which two routing options are valid with Cisco FTD? (Choose Two)

  • A. BGPv4 in transparent firewall mode
  • B. BGPv4 with nonstop forwarding
  • C. ECMP with up to three equal cost paths across multiple interfaces
  • D. BGPv6
  • E. ECMP with up to three equal cost paths across a single interface

Answer: B,E

 

NEW QUESTION 62
An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see the Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

  • A. Use the capture command and specify the trace option to get the required information.
  • B. Perform the trace within the Cisco FMC GUI instead of the Cisco FTD CLI.
  • C. Use the verbose option as a part of the capture-traffic command
  • D. Specify the trace using the -T option after the capture-traffic command.

Answer: C

 

NEW QUESTION 63
......

Feel Cisco 300-710 Dumps PDF Will likely be The best Option: https://dumpstorrent.actualpdf.com/300-710-real-questions.html

Related Articles

more
Cisco 300-710 Certification Practice Exam