Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Cisco
CCNP Security
300-710
Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

737 Students Passed

85% Average Score

91% Same Questions

Viewing page 10 out of 12 pages

Viewing questions 91-100 out of questions

Questions # 91:

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

Options:

FlexConfig

BDI

SGT

IRB

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/new_features_and_functionality.html, ]

Questions # 92:

A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?

Options:

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Answer

Questions # 93:

Remote users who connect via Cisco AnyConnect to the corporate network behind a Cisco FTD device report that they get no audio when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?

Options:

The hairpinning feature is not available on FTD.

Split tunneling is enabled for the Remote Access VPN on FTD

FTDhas no NAT policy that allows outside to outside communication

The Enable Spoke to Spoke Connectivity through Hub option is not selected on FTD.

Answer

Questions # 94:

An administrator Is setting up a Cisco PMC and must provide expert mode access for a security engineer. The engineer Is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

Options:

Enable SSH and define an access list.

Enable HTTP and define an access list.

Enable SCP under the Access List section.

Enable HTTPS and SNMP under the Access List section.

Answer

Questions # 95:

An engineer must configure a correlation policy in Cisco Secure Firewall Management Center to detect when an IP address from an internal network communicates with a known malicious host. Connections made by the internal IP addresses must be tracked, and an external dynamic list must be used for the condition. Which type of event must the engineer configure on the correlation policy?

Options:

Intrusion Impact Alert

Connection tracker

Network discovery

Malware

Answer

Questions # 96:

Which report template field format is available in Cisco FMC?

Options:

box lever chart

arrow chart

bar chart

benchmark chart

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Working_with_Reports.html, , ]

Questions # 97:

An engineer is configuring a cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?

Options:

transparent

routed

passive

inline set

Answer

Explanation

[Reference:https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html, , ]

Questions # 98:

An engineer is configuring a Cisco Secure Firewall Threat Defence device managed by Cisco Secure Firewall Management Centre. The device must have SSH enabled and the accessible from the inside interface for remote administration. Which type of policy must the engineer configure to accomplish this?

Options:

Identify

Access control

Prefilter

Platform settings

Answer

Explanation

To enable SSH access to a Cisco Secure Firewall Threat Defense (FTD) device from the inside interface for remote administration, the engineer needs to configure a Platform Settings policy in Cisco Secure Firewall Management Center (FMC). The Platform Settings policy allows the configuration of various system-related settings, including enabling SSH, specifying the allowed interfaces, and defining the SSH access parameters.

Steps:

In FMC, navigate toPolicies > Access Control > Platform Settings.

Create a new Platform Settings policy or edit an existing one.

In the policy settings, go to theSSHsection.

Enable SSH and specify theinsideinterface as the allowed interface for SSH access.

Define the SSH parameters such as allowed IP addresses, user credentials, and other security settings.

Save and deploy the policy to the FTD device.

This configuration ensures that SSH access is enabled on the specified interface, allowing secure remote administration.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Platform Settings., , , ]

Questions # 99:

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?

Options:

A manual NAT exemption rule does not exist at the top of the NAT table.

An external NAT IP address is not configured.

An external NAT IP address is configured to match the wrong interface.

An object NAT exemption rule does not exist at the top of the NAT table.

Answer

Explanation

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html

Questions # 100:

An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?