DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Efficient Cisco 300-710 SNCF Exam Preparation with Updated Practice Questions

Elevate your Cisco Data Center certification journey with our comprehensive collection of real Cisco 300-710 SNCF exam questions and answers. Meticulously crafted by industry experts, our exam resources provide an authentic and immersive exam preparation experience. Our study material includes a vast array of practice tests and practice exams that accurately simulate the real certification exam environment. Each exam question is carefully vetted to ensure relevance and accuracy, covering every topic and concept you need to master. Our test questions are designed to identify your strengths and weaknesses, allowing you to focus your studies effectively. With our unparalleled exam preparation tools, you'll gain the confidence to successfully pass the 300-710 SNCF exam on your first attempt. Invest in your future today and unlock the door to Cisco Data Center certification success with our proven exam resources.
Take other online exams

Question #1
An engineer has been asked to show application usages automatically on a monthly basis and send the information to management.What mechanism should be used to accomplish this task?
A. vent viewer
B. eports
C. ashboards
D. ontext explorer
View answer
Correct Answer: B
Question #2
An organization has a compliancy requirement to protect servers from clients, however, the clients and servers all reside on the same Layer 3 network Without readdressing IP subnets for clients or servers, how is segmentation achieved?
A. eploy a firewall in transparent mode between the clients and servers
B. hange the IP addresses of the clients, while remaining on the same subnet
C. eploy a firewall in routed mode between the clients and servers
D. hange the IP addresses of the servers, while remaining on the same subnet
View answer
Correct Answer: A
Question #3
An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass.Which default policy should be used?
A. aximum Detection
B. ecurity Over Connectivity
C. alanced Security and Connectivity
D. onnectivity Over Security
View answer
Correct Answer: C
Question #4
There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic.What is a result of enabling TLS'SSL decryption to allow this visibility?
A. t prompts the need for a corporate managed certificate
B. t has minimal performance impact
C. t is not subject to any Privacy regulations
D. t will fail if certificate pinning is not enforced
View answer
Correct Answer: A
Question #5
A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place.What must be done in order to minimize downtime on the network?
A. onfigure a second circuit to an ISP for added redundancy
B. eep a copy of the current configuration to use as backup
C. onfigure the Cisco FMCs for failover
D. onfigure the Cisco FMC managed devices for clustering
View answer
Correct Answer: B
Question #6
08. Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
A. ransparentinlinemode
B. APmode
C. trictTCPenforceme
D. ropagatelinkstate
View answer
Correct Answer: D
Question #7
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it.What is the reason for this issue?
A. he interfaces are being used for NAT for multiple networks
B. he administrator is adding interfaces of multiple types
C. he administrator is adding an interface that is in multiple zones
D. he interfaces belong to multiple interface groups
View answer
Correct Answer: A
Question #8
06. In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?
A. HA-1024
B. HA-4096
C. HA-512
D. HA-256
View answer
Correct Answer: D
Question #9
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. onitor
B. lock
C. nteractive Block
D. llow with Warning
View answer
Correct Answer: AC
Question #10
Which two deployment types support high availability? (Choose two.)
A. TP
B. SRP
C. LBP
D. RRP
View answer
Correct Answer: AB
Question #11
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices.Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?
A. dd a native instance to distribute traffic to each Cisco FTD context
B. dd the Cisco FTD device to the Cisco ASA port channels
C. onfigure a container instance in the Cisco FTD for each context in the Cisco ASA
D. onfigure the Cisco FTD to use port channels spanning multiple networks
View answer
Correct Answer: C
Question #12
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?
A. The interfaces are being used for NAT for multiple networks
B. The administrator is adding interfaces of multiple types
C. The administrator is adding an interface that is in multiple zones
D. The interfaces belong to multiple interface groups
View answer
Correct Answer: D
Question #13
What is the difference between inline and inline tap on Cisco Firepower?
A. nline tap mode can send a copy of the traffic to another device
B. nline tap mode does full packet capture
C. nline mode cannot do SSL decryption
D. nline mode can drop malicious traffic
View answer
Correct Answer: D
Question #14
A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location.What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
A. tilizing policy inheritance
B. tilizing a dynamic ACP that updates from Cisco Talos
C. reating a unique ACP per device
D. reating an ACP with an INSIDE_NET network object and object overrides
View answer
Correct Answer: D
Question #15
An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10 10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network.What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?
A. elete and reregister the device to Cisco FMC
B. pdate the IP addresses from IFV4 to IPv6 without deleting the device from Cisco FMC
C. ormat and reregister the device to Cisco FM
D. isco FMC does not support devices that use IPv4 IP addresses
View answer
Correct Answer: A
Question #16
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall How is this issue resolved?
A. se traceroute with advanced options
B. se Wireshark with an IP subnet filter
C. se a packet capture with match criteria
D. se a packet sniffer with correct filtering
View answer
Correct Answer: C
Question #17
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
A. nline tap monitor-only mode
B. assive monitor-only mode
C. assive tap monitor-only mode
D. nline mode
View answer
Correct Answer: C
Question #18
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime During the setup process, the synchronization between the two devices is failing.What action is needed to resolve this issue?
A. onfirm that both devices have the same port-channel numbering
B. onfirm that both devices are running the same software version
C. onfirm that both devices are configured with the same types of interfaces
D. onfirm that both devices have the same flash memory sizes
View answer
Correct Answer: B
Question #19
Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?
A. on-malicious
B. alware
C. nown-good
D. ristine
View answer
Correct Answer: B
Question #20
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network.What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
A. apacity handling
B. ocal malware analysis
C. pere analysis
D. ynamic analysis
View answer
Correct Answer: D
Question #21
07. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A. navailable
B. nknow
C. lea
D. isconnected
View answer
Correct Answer: A
Question #22
What is the benefit of selecting the trace option for packet capture?
A. The option indicates whether the packet was dropped or successful
B. The option indicates whether the destination host responds through a different path
C. The option limits the number of packets that are captured
D. The option captures details of each packet
View answer
Correct Answer: C
Question #23
A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown.What is the cause of this issue?
A. he option indicates whether the packet was dropped or successful
B. he option indicated whether the destination host responds through a different path
C. he option limits the number of packets that are captured
D. he option captures details of each packet
View answer
Correct Answer: D
Question #24
An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic segmentation.Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?
A. ultiple deployment
B. ingle-context
C. ingle deployment
D. ulti-instance
View answer
Correct Answer: D
Question #25
03. How many report templates does the Cisco Firepower Management Center support?
A. nlinese
B. assive
C. outed
D. nlinetap
View answer
Correct Answer: B
Question #26
A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?
A. pecify the BVl IP address as the default gateway for connected devices
B. nable routing on the Cisco Firepower
C. dd an IP address to the physical Cisco Firepower interfaces
D. onfigure a bridge group in transparent mode
View answer
Correct Answer: D
Question #27
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?
A. y leveraging the ARP to direct traffic through the firewall
B. y assigning an inline set interface
C. y using a BVI and create a BVI IP address in the same subnet as the user segment
D. y bypassing protocol inspection by leveraging pre-filter rules
View answer
Correct Answer: C
Question #28
An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD.Which policy must be configured to accomplish this goal?
A. refilter
B. ntrusion
C. dentity
D. RL filtering
View answer
Correct Answer: A
Question #29
An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic.What must be done to meet these requirements?
A. onfigure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies
B. nable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic
C. onfigure the Cisco Firepower devices to bypass the access control policies for VPN traffic
D. une the intrusion policies in order to allow the VPN traffic through without inspection
View answer
Correct Answer: B
Question #30
What is a result of enabling Cisco FTD clustering?
A. or the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections
B. ntegrated Routing and Bridging is supported on the master unit
C. ite-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails
D. ll Firepower appliances support Cisco FTD clustering
View answer
Correct Answer: C
Question #31
What is the difference between inline and inline tap on Cisco Firepower?
A. nline tap mode can send a copy of the traffic to another device
B. nline tap mode does full packet capture
C. nline mode cannot do SSL decryption
D. nline mode can drop malicious traffic
View answer
Correct Answer: A
Question #32
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated.Which configuration addresses this concern?
A. he malware license has not been applied to the Cisco FTD
B. he Cisco FMC cannot reach the Internet to analyze files
C. file policy has not been applied to the access policy
D. nly Spero file analysis is enabled
View answer
Correct Answer: C
Question #33
An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware.Which two configuration takes must be performed to achieve this file lookup? (Choose two.)
A. ystem support ssl-client-hello-tuning
B. ystem support ssl-client-hello-display
C. ystem support ssl-client-hello-force-reset
D. ystem support ssl-client-hello-reset
View answer
Correct Answer: DE
Question #34
Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?
A. HA-1024
B. HA-4096
C. HA-512
D. HA-256
View answer
Correct Answer: A
Question #35
A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth.Which design option should be used to accomplish this goal?
A. eploy multiple Cisco FTD appliances in firewall clustering mode to increase performance
B. eploy multiple Cisco FTD appliances using VPN load-balancing to scale performance
C. eploy multiple Cisco FTD HA pairs to increase performance
D. eploy multiple Cisco FTD HA pairs in clustering mode to increase performance
View answer
Correct Answer: A
Question #36
Refer to the exhibit.An organization has an access control rule with the intention of sending all social media traffic for inspection After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed.What must be done to address this issue?
A. odify the selected application within the rule
B. hange the intrusion policy to connectivity over security
C. odify the rule action from trust to allow
D. dd the social network URLs to the block list
View answer
Correct Answer: A
Question #37
05. What is the maximum SHA level of filtering that Threat Intelligence Director supports?
A. indowsdomaincontrolle
B. udi
C. riage
D. rotecti
View answer
Correct Answer: B
Question #38
With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time.Which action should be taken to resolve this issue?
A. anually adjust the time to the correct hour on all managed devices
B. onfigure the system clock settings to use NTP with Daylight Savings checked
C. anually adjust the time to the correct hour on the Cisco FM
D. onfigure the system clock settings to use NTP
View answer
Correct Answer: B
Question #39
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. manual NAT exemption rule does not exist at the top of the NAT table
B. n external NAT IP address is not configured
C. n external NAT IP address is configured to match the wrong interface
D. n object NAT exemption rule does not exist at the top of the NAT table
View answer
Correct Answer: BC
Question #40
An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary CiscoFMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
A. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails
B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length
C. Configure high-availability in both the primary and secondary Cisco FMCs
D. Place the active Cisco FMC device on the same trusted management network as the standby device
View answer
Correct Answer: C
Question #41
An organization has seen a lot of traffic congestion on their links going out to the internet There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
A. reate a flexconfig policy to use WCCP for application aware bandwidth limiting
B. reate a VPN policy so that direct tunnels are established to the business applications
C. reate a NAT policy so that the Cisco Firepower device does not have to translate as many addresses
D. reate a QoS policy rate-limiting high bandwidth applications
View answer
Correct Answer: D
Question #42
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects.What is the reason for this failure?
A. odify the Cisco ISE authorization policy to deny this access to the user
B. odify Cisco ISE to send only legitimate usernames to the Cisco FTD
C. dd the unknown user in the Access Control Policy in Cisco FTD
D. dd the unknown user in the Malware & File Policy in Cisco FT
View answer
Correct Answer: D
Question #43
Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)
A. xGrid
B. TD RTC
C. MC RTC
D. SEGrid
View answer
Correct Answer: CD
Question #44
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
A. he units must be the same version
B. oth devices can be part of a different group that must be in the same domain when configured within the FMC
C. he units must be different models if they are part of the same series
D. he units must be configured only for firewall routed mode
E. he units must be the same model
View answer
Correct Answer: AE
Question #45
Which two actions can be used in an access control policy rule? (Choose two.)
A. ime range
B. ecurity group tag
C. etwork object
D. NS server group
View answer
Correct Answer: AB
Question #46
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?
A. isco Firepower Threat Defense mode
B. ransparent mode
C. outed mode
D. ntegrated routing and bridging
View answer
Correct Answer: B
Question #47
A network administrator notices that SI events are not being updated The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected.What must be done to correct this issue?
A. estart the affected devices in order to reset the configurations
B. anually update the SI event entries to that the appropriate traffic is blocked
C. eplace the affected devices with devices that provide more memory
D. edeploy configurations to affected devices so that additional memory is allocated to the SI module
View answer
Correct Answer: D
Question #48
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
A. dd the malicious file to the block list
B. end a snapshot to Cisco for technical support
C. orward the result of the investigation to an external threat-analysis engine
D. ait for Cisco Threat Response to automatically block the malware
View answer
Correct Answer: AB
Question #49
How many report templates does the Cisco Firepower Management Center support?
A. 20
B. 10
C. 5
D. unlimited
View answer
Correct Answer: D
Question #50
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
A. ystem support firewall-engine-debug
B. ystem support ssl-debug
C. ystem support platform
D. ystem support dump-table
View answer
Correct Answer: A
Question #51
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
A. Spero analysis
B. capacity handling
C. local malware analysis
D. dynamic analysis
View answer
Correct Answer: D
Question #52
An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file.What is the problem?
A. estore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails
B. onfigure high-availability in both the primary and secondary Cisco FMCs
C. onnect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length
D. lace the active Cisco FMC device on the same trusted management network as the standby device
View answer
Correct Answer: C
Question #53
When do you need the file-size command option during troubleshooting with packet capture?
A. hen capture packets are less than 16 MB
B. hen capture packets are restricted from the secondary memory
C. hen capture packets exceed 10 GB
D. hen capture packets exceed 32 MB
View answer
Correct Answer: D
Question #54
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
A. ransparent inline mode
B. AP mode
C. trict TCP enforcement
D. ropagate link state
View answer
Correct Answer: AE
Question #55
What are the minimum requirements to deploy a managed device inline?
A. nline interfaces, security zones, MTU, and mode
B. assive interface, MTU, and mode
C. nline interfaces, MTU, and mode
D. assive interface, security zone, MTU, and mode
View answer
Correct Answer: C
Question #56
Which action should be taken after editing an object that is used inside an access control policy?
A. elete the existing object in use
B. efresh the Cisco FMC GUI for the access control policy
C. edeploy the updated configuration
D. reate another rule using a different object name
View answer
Correct Answer: C
Question #57
An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco0391521107. Which command set must be used in order to accomplish this?
A. configure manager add ACME001
B. configure manager add ACME001
C. configure manager add ACME001
D. configure manager add DONTRESOLVE AMCE001
View answer
Correct Answer: A
Question #58
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
A. Exclude load balancers and NAT devices
B. Leave default networks
C. Increase the number of entries on the NAT device
D. Change the method to TCP/SYN
View answer
Correct Answer: A
Question #59
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
A. onfigure manager local 10
B. onfigure manager add Cisco123 10
C. onfigure manager local Cisco123 10
D. onfigure manager add 10
View answer
Correct Answer: BE
Question #60
Which CLI command is used to control special handling of clientHello messages?
A. he backup file is not in
B. he backup file is too large for the Cisco FTD device
C. he backup file extension was changed from tar to zip
D. he backup file was not enabled prior to being applied
View answer
Correct Answer: D
Question #61
10. When do you need the file-size command option during troubleshooting with packet capture?
A. nlineinterfaces,securityzones,MTU,andmode
B. assiveinterface,MTU,andmode
C. nlineinterfaces,MTU,andmode
D. assiveinterface,securityzone,MTU,andmode
View answer
Correct Answer: C
Question #62
An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco388267669.Which command set must be used in order to accomplish this?
A. onfigure manager add ACME001
B. onfigure manager add ACME0O1
C. onfigure manager add DONTRESOLVE AMCE001
D. onfigure manager add registration key> ACME001
View answer
Correct Answer: D
Question #63
04. Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?
A. 0
B. 0
C.
D. nlimited
View answer
Correct Answer: D
Question #64
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time.What configuration change must be made to alleviate this issue?
A. eave default networks
B. hange the method to TCP/SYN
C. ncrease the number of entries on the NAT device
D. xclude load balancers and NAT devices
View answer
Correct Answer: D
Question #65
An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity.When traffic is received by the Cisco IRS, if it is not dropped, how does the traffic get to its destination?
A. t is retransmitted from the Cisco IPS inline set
B. he packets are duplicated and a copy is sent to the destination
C. t is transmitted out of the Cisco IPS outside interface
D. t is routed back to the Cisco ASA interfaces for transmission
View answer
Correct Answer: A
Question #66
An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC.What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
A. onfigure high-availability in both the primary and secondary Cisco FMCs
B. onnect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length
C. lace the active Cisco FMC device on the same trusted management network as the standby device
D. estore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails
View answer
Correct Answer: D
Question #67
Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?
A. lexConfig
B. DI
C. GT
D. RB
View answer
Correct Answer: D
Question #68
A network administrator must create an EtherChannel Interface on a new Cisco Firepower 9300 appliance registered with an FMC tor high availability. Where must the administrator create the EtherChannel interface?
A. MC CLI
B. TD CLI
C. XOS CLI
D. MC GUI
View answer
Correct Answer: C
Question #69
Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)
A. ser login and history data are removed from the database if the User Activity check box is selected
B. ata can be recovered from the device
C. he appropriate process is restarted
D. he specified data is removed from Cisco FMC and kept for two weeks
View answer
Correct Answer: DE
Question #70
Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)
A. onfigure an IPS policy and enable per-rule logging
B. isable the default IPS policy and enable global logging
C. onfigure an IPS policy and enable global logging
D. isable the default IPS policy and enable per-rule logging
View answer
Correct Answer: BE
Question #71
Refer to the exhibit.And engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network How is the Firepower configuration updated to protect these new operating systems?
A. isco Firepower automatically updates the policies
B. he administrator requests a Remediation Recommendation Report from Cisco Firepower
C. isco Firepower gives recommendations to update the policies
D. he administrator manually updates the policies
View answer
Correct Answer: C
Question #72
Which interface type allows packets to be dropped?
A. assive
B. nline
C. RSPAN
D. AP
View answer
Correct Answer: B
Question #73
DRAG DROP (Drag and Drop is not supported)Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #74
A network administrator is concerned about (he high number of malware files affecting users' machines.What must be done within the access control policy in Cisco FMC to address this concern?
A. reate an intrusion policy and set the access control policy to block
B. reate an intrusion policy and set the access control policy to allow
C. reate a file policy and set the access control policy to allow
D. reate a file policy and set the access control policy to block
View answer
Correct Answer: D
Question #75
Which group within Cisco does the Threat Response team use for threat analysis and research?
A. isco Deep Analytics
B. penDNS Group
C. isco Network Response
D. isco Talos
View answer
Correct Answer: D
Question #76
An engineer Is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection tor company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP lo obtain an IP address. How must the engineer deploy the device to meet this requirement?
A. eploy the device in routed mode and allow DHCP traffic in the access control policies
B. eploy the device in routed made aid enable the DHCP Relay feature
C. eploy the device in transparent mode and allow DHCP traffic in the access control policies
D. eploy the device in transparent mode and enable the DHCP Server feature
View answer
Correct Answer: C
Question #77
A network engineer is configuring URL Filtering on Firepower Threat Defense.Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. 024
B. 192
C. 096
D. 048
View answer
Correct Answer: AE
Question #78
Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
A. default DMZ policy for which only a user can change the IP addresses
B. eny ip any
C. o policy rule is included
D. ermit ip any
View answer
Correct Answer: CE

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: