cisco 300-710 practice test

securing networks with cisco firepower (300-710 sncf)

Last exam update: Dec 15 ,2024
Page 1 out of 27. Viewing questions 1-10 out of 266

Question 1

With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

  • A. ERSPAN
  • B. firewall
  • C. tap
  • D. IPS-only
Answer:

a


Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/ interface_overview_for_firepower_threat_defense.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

An engineer configures an access control rule that deploys file policy configurations to security zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?

  • A. Source or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.
  • B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
  • C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
  • D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
Answer:

a


Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/policy_management.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

An administrator is configuring the interface of a Cisco Secure Firewall Threat Defense firewall device in a passive IPS deployment. The device and interface have been identified. Which set of configuration steps must the administrator perform next to complete the implementation?

  • A. Set the interface mode to passive. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
  • B. Modify the interface to retransmit received traffic. Associate the interface with a security zone Set the MTU parameter
  • C. Set the interface mode to passive. Associate the interface with a security zone. Set the MTU parameter. Reset the interface.
  • D. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

  • A. apex
  • B. plus
  • C. base
  • D. mobility
Answer:

b


Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_0111.html#concept_DE1C38E055794B198ED352D1528B5182

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

  • A. Access Control policy with URL filtering
  • B. Prefilter policy
  • C. DNS policy
  • D. SSL policy
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?

  • A. failsafe
  • B. inline tap
  • C. promiscuous
  • D. bypass
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

  • A. A manual NAT exemption rule does not exist at the top of the NAT table
  • B. An external NAT IP address is not configured
  • C. An external NAT IP address is configured to match the wrong interface
  • D. An object NAT exemption rule does not exist at the top of the NAT table
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

  • A. vulnerable software
  • B. file analysis
  • C. threat root cause
  • D. prevalence
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?

  • A. Include all URLs from CRL Distribution Points.
  • B. Use Subject Common Name value.
  • C. Specify all subdomains in the object group.
  • D. Specify the protocol in the object.
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this task?

  • A. Identify the LDAPS cipher suite and use a Cipher Suite List object to define the Cisco FTD connection requirements.
  • B. Modify the Policy List object to define the session requirements for LDAPS.
  • C. Add a Key Chain object to acquire the LDAPS certificate.
  • D. Create a Certificate Enrollment object to get the LDAPS certificate needed.
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2