Cisco 300-710 Practice Test

Securing Networks with Cisco Firepower (300-710 SNCF)

Last exam update: Sep 01, 2024
Page 1 out of 27. Viewing questions 1-10 out of 266

Question 1

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

  • A. same flash memory size
  • B. same NTP configuration
  • C. same DHCP/PPPoE configuration
  • D. same host name
  • E. same number of interfaces
Answer:

be


Question 2

Network traffic coming from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

  • A. Change the intrusion policy from security to balance.
  • B. Configure a trust policy for the CEO.
  • C. Configure firewall bypass.
  • D. Create a NAT policy just for the CEO.
Answer:

b


Question 3

An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?

  • A. Create a service identifier to enable the NetFlow service.
  • B. Add the NetFlow_Send_Destination object to the configuration.
  • C. Create a Security Intelligence object to send the data to Cisco Stealthwatch.
  • D. Add the NetFlow_Add_Destination object to the configuration.
Answer:

d


Question 4

A network administrator must create an EtherChannel interface on a new Cisco Firepower 9300 appliance registered with an FMC for high availability. Where must the administrator create the EtherChannel interface?

  • A. FMC GUI
  • B. FMC CLI
  • C. FTD CLI
  • D. FXOS CLI
Answer:

d


Question 5

Which object type supports object overrides?

  • A. time range
  • B. security group tag
  • C. network object
  • D. DNS server group
Answer:

c


Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053


Question 6

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

  • A. Edit the HTTP request handling in the access control policy to customized block
  • B. Modify the system-provided block page result using Python
  • C. Create HTML code with the information for the policies and procedures
  • D. Change the HTTP response in the access control policy to custom
  • E. Write CSS code with the information for the policies and procedures
Answer:

ad


Question 7

An administrator is configuring the interface of a Cisco Secure Firewall Threat Defense firewall device in a passive IPS deployment. The device and interface have been identified. Which set of configuration steps must the administrator perform next to complete the implementation?

  • A. Set the interface mode to passive. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
  • B. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Set the MTU parameter.
  • C. Set the interface mode to passive. Associate the interface with a security zone. Set the MTU parameter. Reset the interface.
  • D. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
Answer:

a


Question 8

An administrator is adding a QoS policy to a Cisco FTD deployment. When a new rule is added to the policy and QoS is applied on Interfaces in Destination Interface Objects, no interface objects are available. What is the problem?

  • A. The FTD is out of available resources for use, so QoS cannot be added.
  • B. The network segments that the interfaces are on do not have contiguous IP space.
  • C. A conflict exists between the destination interface types that is preventing QoS from being added.
  • D. QoS is available only on routed interfaces, and this device is in transparent mode.
Answer:

d


Question 9

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

  • A. The output format option for the packet logs is unavailable.
  • B. Only the UDP packet type is supported.
  • C. The destination MAC address is optional if a VLAN ID value is entered.
  • D. The VLAN ID and destination MAC address are optional.
Answer:

c


Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html


Question 10

An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

  • A. Download a PCAP of the traffic to verify the blocks and use the FlexConfig to override the existing policy.
  • B. Review the output in connection events to validate the block, and modify the policy to allow the traffic.
  • C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
  • D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
Answer:

b
