
300-710 Dump

Uploaded by

Erion Tr
Copyright © All Rights Reserved

Cisco

Exam Questions 300-710


Securing Networks with Cisco Firepower (SNCF)
NEW QUESTION 1
What are the minimum requirements to deploy a managed device inline?
A. inline interfaces, security zones, MTU, and mode
B. passive interface, MTU, and mode
C. inline interfaces, MTU, and mode
D. passive interface, security zone, MTU, and mode
Answer: C

NEW QUESTION 2
With Cisco Firepower Threat Defense software, which interface mode must be configured to
passively receive traffic that passes through the appliance?
A. inline set
B. passive
C. routed
D. inline tap
Answer: B

NEW QUESTION 3
Which protocol establishes network redundancy in a switched Firepower device
deployment?
A. STP
B. HSRP
C. GLBP
D. VRRP
Answer: A

NEW QUESTION 4
With Cisco Firepower Threat Defense, which two interface settings are required when
configuring a routed interface? (Choose two.)
A. Redundant Interface
B. EtherChannel
C. Speed
D. Media Type
E. Duplex
Answer: CE
NEW QUESTION 5
Which two actions can be used in an access control policy rule? (Choose two.)
A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL
Answer: AB

NEW QUESTION 6
What is the result of specifying a QoS rule that has a rate limit that is greater than the
maximum throughput of an interface?
A. The rate-limiting rule is disabled.
B. Matching traffic is not rate limited.
C. The system rate-limits all traffic.
D. The system repeatedly generates warnings.
Answer: B

NEW QUESTION 7
Which Firepower feature allows users to configure bridges in routed mode and enables
devices to perform Layer 2 switching between interfaces?
A. FlexConfig
B. BDI
C. SGT
D. IRB
Answer: D

NEW QUESTION 8
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7
application protocols.
B. reputation-based objects that represent Security Intelligence feeds and lists, application
filters based on category and reputation, and file lists
C. network-based objects that represent IP addresses and networks, port/protocol pairs,
VLAN tags, security zones, and origin/destination country
D. network-based objects that represent FQDN mappings and networks, port/protocol pairs,
VXLAN tags, security zones and origin/destination country
E. reputation-based objects, such as URL categories
Answer: BC
NEW QUESTION 9
Which report template field format is available in Cisco FMC?
A. box lever chart
B. arrow chart
C. bar chart
D. benchmark chart
Answer: C

NEW QUESTION 10
Which group within Cisco does the Threat Response team use for threat analysis and
research?
A. Cisco Deep Analytics
B. OpenDNS Group
C. Cisco Network Response
D. Cisco Talos
Answer: D

NEW QUESTION 10
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
A. system support firewall-engine-debug
B. system support ssl-debug
C. system support platform
D. system support dump-table
Answer: A
NEW QUESTION 11
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
A. show running-config
B. show tech-support chassis
C. system support diagnostic-cli
D. sudo sf_troubleshoot.pl
Answer: D
Explanation:
41 Which CLI command is used to control special handling of ClientHello messages?
A. system support ssl-client-hello-tuning
B. system support ssl-client-hello-display
C. system support ssl-client-hello-force-reset
D. system support ssl-client-hello-enabled

NEW QUESTION 12
When do you need the file-size command option during troubleshooting with packet
capture?
A. when capture packets are less than 16 MB
B. when capture packets are restricted from the secondary memory
C. when capture packets exceed 10 GB
D. when capture packets exceed 32 MB
Answer: D
NEW QUESTION 14
Which limitation applies to Cisco Firepower Management Center dashboards in a
multidomain environment?
A. Child domains can view but not edit dashboards that originate from an ancestor domain.
B. Child domains have access to only a limited set of widgets from ancestor domains.
C. Only the administrator of the top ancestor domain can view dashboards.
D. Child domains cannot view dashboards that originate from an ancestor domain.
Answer: D
NEW QUESTION 15
What is a behavior of a Cisco FMC database purge?
A. User login and history data are removed from the database if the User Activity check box
is selected.
B. Data can be recovered from the device.
C. The appropriate process is restarted.
D. The specified data is removed from Cisco FMC and kept for two weeks.
Answer: C
NEW QUESTION 19
Which action should you take when Cisco Threat Response notifies you that AMP has
identified a file as malware?
A. Add the malicious file to the block list.
B. Send a snapshot to Cisco for technical support.
C. Forward the result of the investigation to an external threat-analysis engine.
D. Wait for Cisco Threat Response to automatically block the malware.
Answer: A
NEW QUESTION 24
Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring
endpoint activity?
A. Windows domain controller
B. audit
C. triage
D. protection
Answer: B
NEW QUESTION 28
In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot
be reached?
A. unavailable
B. unknown
C. clean
D. disconnected
Answer: A
NEW QUESTION 29
Which two remediation options are available when Cisco FMC is integrated with Cisco ISE?
(Choose two.)
A. dynamic null route configured
B. DHCP pool disablement
C. quarantine
D. port shutdown
E. host shutdown
Answer: CD

NEW QUESTION 1
What is a result of enabling Cisco FTD clustering?
A. For the dynamic routing feature, if the master unit fails, the newly elected master unit
maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are
dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.
Answer: C
NEW QUESTION 2
On the advanced tab under inline set properties, which allows interfaces to emulate a
passive interface?
A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state
Answer: D
NEW QUESTION 4
Which two deployment types support high availability? (Choose two.)
A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud
Answer: AB

NEW QUESTION 5
Which protocol establishes network redundancy in a switched Firepower device
deployment?
A. STP
B. HSRP
C. GLBP
D. VRRP
Answer: A
NEW QUESTION 6
Which two dynamic routing protocols are supported in Firepower Threat Defense without
using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
Answer: CE

NEW QUESTION 7
When creating a report template, how can the results be limited to show only the activity of
a specific subnet?
A. Create a custom search in Firepower Management Center and select it in each section of
the report.
B. Add an Input Parameter in the Advanced Settings of the report, and set the type to
Network/IP.
C. Add a Table View section to the report with the Search field defined as the network in
CIDR format.
D. Select IP Address as the X-Axis in each section of the report.
Answer: B
NEW QUESTION 8
A. Monitor
B. Block
C. Interactive Block
D. Allow with Warning
Answer: C
NEW QUESTION 9
In which two ways do access control policies operate on a Cisco Firepower system?
(Choose two.)
A. Traffic inspection can be interrupted temporarily when configuration changes are
deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They can block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches
the trusted parameters.
Answer: AC
NEW QUESTION 10
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7
application protocols.
B. reputation-based objects that represent Security Intelligence feeds and lists, application
filters based on category and reputation, and file lists
C. network-based objects that represent IP addresses and networks, port/protocol pairs,
VLAN tags, security zones, and origin/destination country
D. network-based objects that represent FQDN mappings and networks, port/protocol pairs,
VXLAN tags, security zones and origin/destination country
E. reputation-based objects, such as URL categories
Answer: BC
NEW QUESTION 10
Which command is run at the CLI when logged in to an FTD unit, to determine whether the
unit is managed locally or by a remote FMC server?
A. system generate-troubleshoot
B. show configuration session
C. show managers
D. show running-config | include manager
Answer: C
NEW QUESTION 15
How many report templates does the Cisco Firepower Management Center support?
A. 20
B. 10
C. 5
D. unlimited
Answer: D
NEW QUESTION 17
Which group within Cisco does the Threat Response team use for threat analysis and
research?
A. Cisco Deep Analytics
B. OpenDNS Group
C. Cisco Network Response
D. Cisco Talos
Answer: D
NEW QUESTION 20
Which command-line mode is supported from the Cisco Firepower Management Center
CLI?
A. privileged
B. user
C. configuration
D. admin
Answer: C
Question 1 ( Deployment )

What is a result of enabling Cisco FTD clustering?

A. For the dynamic routing feature, if the master unit fails, the newly elected master unit
maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections
are dropped if the master unit fails.
D. All Firepower appliances support Cisco FTD clustering.

Answer : C

Question 2 ( Deployment )

Which two conditions are necessary for high availability to function between two Cisco FTD
devices? (Choose two.)

A. The units must be the same version
B. Both devices can be part of a different group that must be in the same domain when
configured within the FMC.
C. The units must be different models if they are part of the same series.
D. The units must be configured only for firewall routed mode.
E. The units must be the same model.

Answer : AE

Question 3 ( Deployment )

On the advanced tab under inline set properties, which allows interfaces to emulate a passive
interface?

A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state

Answer : D

Question 4 ( Deployment )

What are the minimum requirements to deploy a managed device inline?

A. inline interfaces, security zones, MTU, and mode
B. passive interface, MTU, and mode
C. inline interfaces, MTU, and mode
D. passive interface, security zone, MTU, and mode

Answer : C

Question 5 ( Deployment )

What is the difference between inline and inline tap on Cisco Firepower?

A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.

Answer : D

Question 6 ( Deployment )

With Cisco FTD software, which interface mode must be configured to passively receive traffic
that passes through the appliance?

A. inline set
B. passive
C. routed
D. inline tap

Answer : B

Question 7 ( Deployment )

Which two deployment types support high availability? (Choose two.)

A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud

Answer : AB

Question 8 ( Deployment )

Which protocol establishes network redundancy in a switched Firepower device deployment?

A. STP
B. HSRP
C. GLBP
D. VRRP

Answer : A

Question 9 ( Deployment )

Which interface type allows packets to be dropped?

A. passive
B. inline
C. ERSPAN
D. TAP

Answer : B

Question 10 ( Deployment )

With Cisco Firepower Threat Defense, which two interface settings are required when
configuring a routed interface? (Choose two.)

A. Redundant Interface
B. EtherChannel
C. Speed
D. Media Type
E. Duplex

Answer : CE

Question 11 ( Deployment )

Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig?
(Choose two.)

A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP

Answer : CE

Question 12 ( Deployment )

Which policy rule is included in the deployment of a local DMZ during the initial deployment of
a Cisco NGFW through the Cisco FMC GUI?

A. a default DMZ policy for which only a user can change the IP addresses.
B. deny ip any
C. no policy rule is included
D. permit ip any

Answer : C

Question 13 ( Deployment )

What are two application layer preprocessors? (Choose two.)

A. CIFS
B. IMAP
C. SSL
D. DNP3
E. ICMP

Answer : BC

Question 14 ( Deployment )

An engineer is implementing Cisco FTD in the network and is determining which Firepower
mode to use. The organization needs to have multiple virtual
Firepower devices working separately inside of the FTD appliance to provide traffic
segmentation. Which deployment mode should be configured in the Cisco
Firepower Management Console to support these requirements?

A. multi-instance
B. multiple deployment
C. single deployment
D. single-context

Answer : A

Question 15 ( Deployment )

A network engineer is extending a user segment through an FTD device for traffic inspection
without creating another IP subnet. How is this accomplished on an
FTD device in routed mode?

A. by assigning an inline set interface
B. by using a BVI and creating a BVI IP address in the same subnet as the user segment
C. by leveraging the ARP to direct traffic through the firewall
D. by bypassing protocol inspection by leveraging pre-filter rules

Answer : A

Question 16 ( Deployment )

An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize
fail-to-wire interfaces. Which interface mode should be used to meet these requirements?

A. passive
B. routed
C. transparent
D. inline set

Answer : D

Question 17 ( Deployment )

An organization has noticed that malware was downloaded from a website that does not
currently have a known bad reputation. How will this issue be addressed globally in the quickest
way possible and with the least amount of impact?

A. by creating a URL object in the policy to block the website.
B. Cisco Talos will automatically update the policies.
C. by denying outbound web access
D. by isolating the endpoint

Answer : B

Question 18 ( Deployment )

The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop
events, which are overshadowing high priority events. An engineer has been tasked with
reviewing the policies and reducing the low priority events. Which action should be configured
to accomplish this task?

A. drop packet
B. generate events
C. drop connection
D. drop and generate

Answer : B

Question 19 ( Deployment )

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to
communicate with a routed interface?

A. subinterface
B. switch virtual
C. bridge virtual
D. bridge group member

Answer : C

Question 20 ( Deployment )

An engineer is setting up a new Firepower deployment and is looking at the default FMC
policies to start the implementation. During the initial trial phase, the organization wants to test
some common Snort rules while still allowing the majority of network traffic to pass. Which
default policy should be used?

A. Balanced Security and Connectivity
B. Security Over Connectivity
C. Maximum Detection
D. Connectivity Over Security

Answer : D

Question 21 ( Deployment )

An engineer is configuring a second Cisco FMC as a standby device but is unable to register
with the active unit. What is causing this issue?

A. The code versions running on the Cisco FMC devices are different.
B. The licensing purchased does not include high availability.
C. The primary FMC currently has devices connected to it.
D. There is only 10 Mbps of bandwidth between the two devices.

Answer : A

Question 22 ( Deployment )

While configuring FTD, a network engineer wants to ensure that traffic passing through the
appliance does not require routing or VLAN rewriting. Which interface mode should the
engineer implement to accomplish this task?

A. inline set
B. passive
C. transparent
D. inline tap

Answer : B

Question 23 ( Deployment )

A mid-sized company is experiencing higher network bandwidth utilization due to a recent
acquisition. The network operations team is asked to scale up their one
Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth.
Which design option should be used to accomplish this goal?

A. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.
B. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase
performance.
C. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale
performance.
D. Deploy multiple Cisco FTD HA pairs to increase performance.

Answer : B

Question 24 ( Deployment )

In a multi-tenant deployment where multiple domains are in use, which update should be applied
outside of the Global Domain?

A. minor upgrade
B. local import of intrusion rules
C. Cisco Geolocation Database
D. local import of major upgrade

Answer : C

Question 25 ( Deployment )

An organization has a compliance requirement to protect servers from clients; however, the
clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for
clients or servers, how is segmentation achieved?

A. Change the IP addresses of the servers, while remaining on the same subnet.
B. Deploy a firewall in routed mode between the clients and servers.
C. Change the IP addresses of the clients, while remaining on the same subnet.
D. Deploy a firewall in transparent mode between the clients and servers.

Answer : B

Question 26 ( Deployment )

Network traffic coming from an organization's CEO must never be denied. Which access
control policy configuration option should be used if the deployment engineer is not permitted to
create a rule to allow all traffic?

A. Change the intrusion policy from security to balance.
B. Configure a trust policy for the CEO.
C. Configure firewall bypass.
D. Create a NAT policy just for the CEO.

Answer : B

Question 27 ( Deployment )

What is a characteristic of bridge groups on a Cisco FTD?

A. In routed firewall mode, routing between bridge groups is supported.
B. Routing between bridge groups is achieved only with a router-on-a-stick configuration on a
connected router.
C. In routed firewall mode, routing between bridge groups must pass through a routed
interface.
D. In transparent firewall mode, routing between bridge groups is supported.

Answer : A

Question 28 ( Deployment )

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member
ingress interface. What must be considered by an engineer tasked with specifying a destination
MAC address for a packet trace?

A. The output format option for the packet logs is unavailable.
B. Only the UDP packet type is supported.
C. The destination MAC address is optional if a VLAN ID value is entered.
D. The VLAN ID and destination MAC address are optional.

Answer : C

Question 29 ( Deployment )

With Cisco FTD software, which interface mode must be configured to passively receive traffic
that passes through the appliance?

A. ERSPAN
B. firewall
C. tap
D. IPS-only

Answer : A

Question 30 ( Deployment )

An engineer is monitoring network traffic from their sales and product development
departments, which are on two separate networks. What must be configured in order to maintain
data privacy for both departments?

A. Use passive IDS ports for both departments.
B. Use a dedicated IPS inline set for each department to maintain traffic separation.
C. Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation.
D. Use one pair of inline set in TAP mode for both departments.

Answer : D
