Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Cisco
CCNP Security
300-710
Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

737 Students Passed

85% Average Score

91% Same Questions

Viewing page 12 out of 12 pages

Viewing questions 111-120 out of questions

Questions # 111:

A network administrator is configuring a transparent Cisco Secure Firewall Threat Defense registered to a Cisco Secure Firewall Management Center. The administrator wants to configure the Secure Firewall Threat Defense to allow ARP traffic to pass between two interfaces of a bridge group. What must be configured?

Options:

Use the default configuration on the devices.

An access policy must allow MAC address FFFF.FFFF.FFFF.

ARP inspection must be disabled.

An access policy must allow MAC address 0100.0CCC.CCCD.

Answer

Questions # 112:

An engineer is configuring URL filtering tor a Cisco Secure Firewall Threat Defense device in Cisco Secure Firewall Management Centre. Use's must receive a warning when they access

..wwww badaduitsito com with the option of continuing to the website if they choose to No other websites should he blocked. Which two actions must the engineer take to moot these requirements?

Options:

Configure an access control rule that matches an URL object for http://www.Dadadullsile.com ' and set the action to Interactive Block.

On the HTTP Responses tab of the access control policy editor, set the Interactive Block Response Page to System-provided.

Configure the default action for the access control policy to Interactive Block.

On the HTTP Responses tab of the access control policy editor set the Block Response Page to Custom.

Configure an access control rule that matches the Adult URL category and sot the action to Interactive Block

Answer

A, B

Explanation

To configure URL filtering such that users receive a warning when they access a specific website (e.g.,http://www.badadultsite.com) and have the option to continue to the site, the engineer needs to perform the following actions:

Configure an access control rule:

Create a URL object forhttp://www.badadultsite.com.

Set the action for this URL object to "Interactive Block," which prompts the user with a warning and allows them to proceed if they choose to.

Set the Interactive Block Response Page:

Navigate to the HTTP Responses tab in the access control policy editor.

Set the Interactive Block Response Page to "System-provided" to ensure that users see the default warning page provided by Cisco Secure Firewall Management Center.

These actions ensure that only the specified website triggers an interactive block, while other websites are not blocked.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Access Control and URL Filtering., , , ]

Questions # 113:

An engineer is deploying a Cisco ASA Secure Firewall module. The engineer must be able to examine traffic without impacting the network, and the ASA has been deployed with a single context. Which ASA Secure Firewall module deployment mode must be implemented to meet the requirements?

Options:

Transparent mode with inline tap monitor-only mode

Routed mode with passive monitor-only mode

Transparent mode with passive monitor-only mode

Routed mode with inline tap monitor-only mode

Answer

Questions # 114:

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?

Options:

interface-based VLAN switching

inter-chassis clustering VLAN

integrated routing and bridging

Cisco ISE Security Group Tag

Answer

Questions # 115:

An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue an a Secure Firewall Threat Defense device. When the engineer navigates to URL for Secure Firewall Management Center at:

../capture/CAP/pcap/sample.pcap

An engineer receives a 403: Forbidden error instead of being provided with the PCAP file. Which action resolves the issue?

Options:

Disable the HTTPS server and use HTTP.

Enable the proxy setting in the device platform policy.

Enable HTTPS in the device platform policy.

Disable the proxy setting on the client browser.

Answer

Explanation

If an engineer receives a 403: Forbidden error when attempting to download a packet capture file from Cisco Secure Firewall Management Center (FMC), the issue is likely due to HTTPS not being enabled in the device platform policy. To resolve this issue, the engineer must enable HTTPS in the platform policy.

Steps:

In FMC, navigate toPolicies > Device Management > Platform Settings.

Edit the relevant platform policy.

Enable HTTPS for the device.

Deploy the changes to the FTD device.

This ensures that the FMC and FTD device can securely transfer the packet capture file over HTTPS, resolving the 403 error.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Platform Settings and HTTPS Configuration., , , ]

Questions # 116:

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

Options:

The units must be the same version

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

The units must be different models if they are part of the same series.

The units must be configured only for firewall routed mode.

The units must be the same model.

Answer

A, E

Explanation

[Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699- configure-ftd-high-availability-on-firep.html, , ]

Questions # 117:

Which firewall mode is Cisco Secure Firewall Threat Defense in when two physical interfaces are assigned to a named BVI?

Options:

Routed

Transparent

In-line

IPS only

Answer

Questions # 118:

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?

Options:

Spero analysis

Malware analysis

Dynamic analysis

Sandbox analysis

Answer

Questions # 119:

An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?

Options:

Configure the downstream router to perform NAT.

Configure the upstream router to perform NAT.

Configure the Cisco FTD firewall in routed mode with NAT enabled.

Configure the Cisco FTD firewall in transparent mode with NAT enabled.

Answer

Questions # 120:

Network traffic coining from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?