Securing Networks with Cisco Firepower (300-710 SNCF) v1.0

Page:    1 / 21   
Exam contains 311 questions

A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?

  • A. Configure a second circuit to an ISP for added redundancy.
  • B. Keep a copy of the current configuration to use as backup.
  • C. Configure the Cisco FMCs for failover.
  • D. Configure the Cisco FMC managed devices for clustering.


Answer : C

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?

  • A. Modify the network discovery policy to detect new hosts to inspect.
  • B. Modify the access control policy to redirect interesting traffic to the engine.
  • C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
  • D. Modify the network analysis policy to process the packets for inspection.


Answer : D

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-intrusion.html

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

  • A. Deploy the firewall in transparent mode with access control policies
  • B. Deploy the firewall in routed mode with access control policies
  • C. Deploy the firewall in routed mode with NAT configured
  • D. Deploy the firewall in transparent mode with NAT configured


Answer : C

Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

  • A. in active/active mode
  • B. in a cluster span EtherChannel
  • C. in active/passive mode
  • D. in cluster interface mode


Answer : C

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?

  • A. inline tap monitor-only mode
  • B. passive monitor-only mode
  • C. passive tap monitor-only mode
  • D. inline mode


Answer : B

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighboring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

  • A. Create a firewall rule to allow CDP traffic
  • B. Create a bridge group with the firewall interfaces
  • C. Change the firewall mode to transparent
  • D. Change the firewall mode to routed


Answer : D

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?

  • A. Specify the BVI IP address as the default gateway for connected devices
  • B. Enable routing on the Cisco Firepower
  • C. Add an IP address to the physical Cisco Firepower interfaces
  • D. Configure a bridge group in transparent mode


Answer : D

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

  • A. same flash memory size
  • B. same NTP configuration
  • C. same DHCP/PPPoE configuration
  • D. same host name
  • E. same number of interfaces


Answer : BE

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

  • A. Configure an IPS policy and enable per-rule logging
  • B. Disable the default IPS policy and enable global logging
  • C. Configure an IPS policy and enable global logging
  • D. Disable the default IPS policy and enable per-rule logging


Answer : A

Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

  • A. OSPFv2 with IPv6 capabilities
  • B. virtual links
  • C. SHA authentication to OSPF packets
  • D. area boundary router type 1 LSA filtering
  • E. MD5 authentication to OSPF packets


Answer : BE

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/ospf_for_firepower_threat_defense.html

When creating a report template, how are the results limited to show only the activity of a specific subnet?

  • A. Create a custom search in Cisco FMC and select it in each section of the report.
  • B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.
  • C. Add a Table View section to the report with the Search field defined as the network in CIDR format.
  • D. Select IP Address as the X-Axis in each section of the report.


Answer : B

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Reports.html#87267

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

  • A. VPN connections can be re-established only if the failed master unit recovers.
  • B. Smart License is required to maintain VPN connections simultaneously across all cluster units.
  • C. VPN connections must be re-established when a new master unit is elected.
  • D. Only established VPN connections are maintained when a new master unit is elected.


Answer : C

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html#concept_g32_yml_y2b

What are two features of bridge-group interfaces in Cisco FTD? (Choose two.)

  • A. The BVI IP address must be in a separate subnet from the connected network.
  • B. Bridge groups are supported in both transparent and routed firewall modes.
  • C. Bridge groups are supported only in transparent firewall mode.
  • D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
  • E. Each directly connected network must be on the same subnet.


Answer : CD

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

  • A. configure manager local 10.0.0.10 Cisco123
  • B. configure manager add Cisco123 10.0.0.10
  • C. configure manager local Cisco123 10.0.0.10
  • D. configure manager add 10.0.0.10 Cisco123


Answer : D

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#id_106101

Which two actions can be used in an access control policy rule? (Choose two.)

  • A. Block with Reset
  • B. Monitor
  • C. Analyze
  • D. Discover
  • E. Block ALL


Answer : AB

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-Tuning-Overview.html#71854
