Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Cisco
CCNP Security
300-710
Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

737 Students Passed

85% Average Score

91% Same Questions

Viewing page 3 out of 12 pages

Viewing questions 21-30 out of questions

Questions # 21:

Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

Options:

system generate-troubleshoot

show configuration session

show managers

show running-config | include manager

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/ b_Command_Reference_for_Firepower_Threat_Defense/c_3.html, ]

Questions # 22:

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

Options:

system support firewall-engine-debug

system support ssl-debug

system support platform

system support dump-table

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower- management-center-display-acc.html, ]

Questions # 23:

Within Cisco Firepower Management Center, where does a user add or modify widgets?

Options:

dashboard

reporting

context explorer

summary tool

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Using_Dashboards.html, ]

Questions # 24:

A network administrator is trying to configure Active Directory authentication for VPN authentication to a Cisco Secure Firewall Threat Defence instance that is registered with Cisco Secure Firewall Management Center. Which system settings must be configured first in Secure Firewall Management Center to accomplish the goal?

Options:

Device, Remote Access VPN

System, Realms

Policies, Authentication

Authentication, Device

Answer

Explanation

To configure Active Directory authentication for VPN authentication on a Cisco Secure Firewall Threat Defense (FTD) instance registered with Cisco Secure Firewall Management Center (FMC), the administrator needs to configure Realms in the System settings of the FMC. Realms in FMC are used to define the directory servers (e.g., Active Directory) and how they are used for user authentication.

Steps to configure this in FMC:

Navigate toSystem > Integration > Realms and Directory.

Add a new realm and configure the necessary details such as the directory server type (e.g., Active Directory), server address, and bind credentials.

Test the connection to ensure it works correctly.

This setup allows the FMC to authenticate VPN users against the Active Directory, thereby enabling secure access control for VPN connections.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Realms Configuration., , ]

Questions # 25:

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192 168.100.100 has the MAC address of 0042 7734.103 to help troubleshoot aconnectivity issue What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?

Options:

-nm src 192.168.100.100

-ne src 192.168.100.100

-w capture.pcap -s 1518 host 192.168.100.100 mac

-w capture.pcap -s 1518 host 192.168.100.100 ether

Answer

Explanation

[Reference:https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html, ]

Questions # 26:

An engineermustconfigure a Cisco FMC dashboard in a multidomain deployment Which action must the engineer take to edit a report template from an ancestor domain?

Options:

Add it as a separate widget.

Copy it to the current domain

Assign themselves ownership of it

Change the document attributes.

Answer

Questions # 27:

What is an attribute of the risk reporting capability in Cisco Secure Firewall Management Center?

Options:

Includes all domains in a multidomain system

Uses the same templates available to standard reports

Includes the current domain in a multidomain system

Uses the XML format to export all reporting

Answer

Questions # 28:

A network administrator is configuring a transparent Cisco Secure Firewall Threat Defense registered to a Cisco Secure Firewall Management Center. The administrator wants to configure the Secure Firewall Threat Defense to allow ARP traffic to pass between two interfaces of a bridge group. What must be configured?

Options:

Use the default configuration on the devices.

An access policy must allow MAC address FFFF.FFFF.FFFF.

ARP inspection must be disabled.

An access policy must allow MAC address 0100.0CCC.CCCD.

Answer

Questions # 29:

Question # 29

Refer to the exhibit. A client that has IP address 192.168.67.102 reports issues when connecting to a remote server. Based on the topology and output of packet tracer tool, which action resolves the connectivity issue?

Options:

Add the route to the destination.

Unblock the access rule on FTDv.

Restart the client-side application.

Reconfigure NAT on FTDv.

Answer

Questions # 30:

A network engineer must configure IPS mode on a Cisco Secure firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the secure firewall threat Defence device and SPAN on the switch. What must be configured next by the engineer?

Options:

intrusion policy on the Secure Firewall Threat Defense device

active Interface on me Secure Firewall threat Defense device

DHCP on the switch

active SPAN port on the switch

Answer

Explanation

To configure IPS mode on a Cisco Secure Firewall Threat Defense (FTD) device to inspect traffic and act as an IDS, the network engineer must configure an intrusion policy on the FTD device. The passive-interface and SPAN on the switch have already been configured, which means the traffic is being mirrored to the FTD. The next step is to set up an intrusion policy that defines the rules and actions for detecting and responding to malicious traffic.

Steps:

In FMC, navigate toPolicies > Intrusion.

Create a new intrusion policy or edit an existing one.

Define the rules and actions for detecting threats.

Apply the intrusion policy to the relevant interfaces or access control policies.

This configuration enables the FTD to inspect the mirrored traffic and take appropriate actions based on the defined intrusion policy.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Intrusion Policies., , ]

Viewing page 3 out of 12 pages

Viewing questions 21-30 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25

ADM-201

Agentforce-Specialist

CMMC-CCP

Data-Cloud-Consultant

PDI

PSE-Strata-Pro-24

Secure-Software-Design

Sharing-and-Visibility-Architect

Workday-Pro-Integrations

ZDTA