
Get Ready to Pass the 300-710 exam with Cisco Latest Practice Exam
Domain #2. Configuration
The next 30% of the syllabus covers configuration. This section gives a detailed understanding of setting up system settings in the Cisco Firepower Management Center. Mastering this module requires skills related to access control, intrusion, malware, DNS, identity, SSL, prefilter, and network discovery. The section also explains concepts such as application detectors, correlation, actions, and object management. Intrusion rules, device management, NAT, VPN, QoS, certificates, and platform settings are the other topics covered.
Passing the Cisco 300-710 exam is an excellent way for professionals to demonstrate their expertise in network security and their ability to implement effective security solutions using Cisco Firepower. Securing Networks with Cisco Firepower certification also provides a competitive edge in the job market, as it is highly valued by employers. Candidates who pass the exam will receive the Cisco Certified Network Professional Security (CCNP Security) certification, which is recognized worldwide as a mark of excellence in network security.
NEW QUESTION # 44
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?
- A. Add the Cisco FTD device to the Cisco ASA port channels.
- B. Add a native instance to distribute traffic to each Cisco FTD context.
- C. Configure the Cisco FTD to use port channels spanning multiple networks.
- D. Configure a container instance in the Cisco FTD for each context in the Cisco ASA.
Answer: D
NEW QUESTION # 45
A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?
- A. Specify the BVI IP address as the default gateway for connected devices.
- B. Add an IP address to the physical Cisco Firepower interfaces.
- C. Configure a bridge group in transparent mode.
- D. Enable routing on the Cisco Firepower.
Answer: C
Explanation:
Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a "bump in the wire," or a "stealth firewall," and is not seen as a router hop to connected devices. However, like any other firewall, access control between interfaces is controlled, and all of the usual firewall checks are in place. Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the ASA uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks. In transparent mode, these bridge groups cannot communicate with each other.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.html
NEW QUESTION # 46
Which group within Cisco does the Threat Response team use for threat analysis and research?
- A. Cisco Network Response
- B. Cisco Deep Analytics
- C. Cisco Talos
- D. OpenDNS Group
Answer: C
Explanation:
Section: Management and Troubleshooting
Explanation/Reference: https://www.cisco.com/c/en/us/products/security/threat-response.html#~benefits
NEW QUESTION # 47
An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?
- A. Use the -c option to restrict the packet capture to only the first 100 packets.
- B. Use the host filter in the packet capture to capture traffic to or from a specific host.
- C. Redirect the packet capture output to a .pcap file that can be opened with Wireshark.
- D. Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.
Answer: B
NEW QUESTION # 48
What is the result of specifying a QoS rule that has a rate limit that is greater than the maximum throughput of an interface?
- A. Matching traffic is not rate limited.
- B. The system rate-limits all traffic.
- C. The system repeatedly generates warnings.
- D. The rate-limiting rule is disabled.
Answer: A
Explanation:
Section: Configuration
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/quality_of_service_qos.pdf
NEW QUESTION # 49
An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?
- A. The backup file is not in .cfg format.
- B. The backup file extension was changed from tar to zip
- C. The backup file is too large for the Cisco FTD device
- D. The backup file was not enabled prior to being applied
Answer: B
NEW QUESTION # 50
Which object type supports object overrides?
- A. DNS server group
- B. security group tag
- C. time range
- D. network object
Answer: D
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053
NEW QUESTION # 51
A network administrator wants to block traffic to a known malware site at https://www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?
- A. DNS policy
- B. Prefilter policy
- C. Access Control policy with URL filtering
- D. SSL policy
Answer: C
NEW QUESTION # 52
Which limitation applies to Cisco FMC dashboards in a multi-domain environment?
- A. Child domains have access to only a limited set of widgets from ancestor domains.
- B. Only the administrator of the top ancestor domain is able to view dashboards.
- C. Child domains are not able to view dashboards that originate from an ancestor domain.
- D. Child domains are able to view but not edit dashboards that originate from an ancestor domain.
Answer: C
Explanation:
Section: Management and Troubleshooting
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Using_Dashboards.html
NEW QUESTION # 53
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
- A. configure manager local Cisco123 10.0.0.10
- B. configure manager add Cisco123 10.0.0.10
- C. configure manager add 10.0.0.10 Cisco123
- D. configure manager local 10.0.0.10 Cisco123
Answer: C
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#id_106101
NEW QUESTION # 54
An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?
- A. Fast-Path Rules Bypass
- B. Cisco ISE Security Group Tag
- C. Automatic Application Bypass
- D. Inspect Local Traffic Bypass
Answer: C
NEW QUESTION # 55
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
- A. Create a VPN policy so that direct tunnels are established to the business applications
- B. Create a QoS policy rate-limiting high bandwidth applications
- C. Create a flexconfig policy to use WCCP for application aware bandwidth limiting
- D. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses
Answer: B
NEW QUESTION # 56
What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?
- A. Only nonbridge interfaces are supported.
- B. Only link-state routing protocols are supported.
- C. Only EtherChannel interfaces are supported.
- D. Only distance vector routing protocols are supported.
Answer: A
Explanation:
Integrated routing and bridging (IRB) is a feature that allows you to route between different bridge groups on a Cisco FTD device. A bridge group is a logical interface that acts as a container for one or more physical or logical interfaces that belong to the same layer 2 broadcast domain. You can assign an IP address to a bridge group interface (BVI) and enable routing protocols on it, just like a regular routed interface. However, when you run a dynamic routing protocol on a Cisco FTD device in IRB mode, you can only use nonbridge interfaces as routing peers. You cannot use bridge group interfaces or bridge group member interfaces as routing peers. This is because the routing protocol packets are sent and received on the nonbridge interfaces, and the bridge group interfaces are used only for forwarding data traffic.
NEW QUESTION # 57
A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?
- A. bypass
- B. failsafe
- C. inline tap
- D. promiscuous
Answer: D
NEW QUESTION # 58
An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?
- A. Change the firewall mode to routed.
- B. Change the firewall mode to transparent.
- C. Create a bridge group with the firewall interfaces.
- D. Create a firewall rule to allow CDP traffic.
Answer: A