Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Cisco
CCNP Security
300-710
Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

737 Students Passed

85% Average Score

91% Same Questions

Viewing page 4 out of 12 pages

Viewing questions 31-40 out of questions

Questions # 31:

A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)

Options:

show disk-manager

show history

sudo stats_unified.pl

manage_procs.pl

sudo perfstats -Cq < /var/sf/rna/correlator-stats/now

Answer

C, D

Questions # 32:

A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF. DOCX, and XLSX files are not sent lo Cisco Secure Malware analytics. What must do configured to meet the requirements''

Options:

capacity handling

Spero analysis

dynamic analysis

local malware analysis

Answer

Explanation

To create a malware and file policy on a Cisco Secure Firewall Threat Defense (FTD) device that ensures PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics, the security engineer must configure local malware analysis. Local malware analysis allows the FTD to inspect and analyze files locally without sending them to the cloud-based Cisco Secure Malware Analytics.

Steps to configure local malware analysis:

In FMC, navigate toPolicies > Access Control > Malware & FilePolicies.

Create a new malware and file policy or edit an existing one.

Define rules to inspect specific file types, ensuring that PDF, DOCX, and XLSX files are handled locally.

Set the action for these file types to "Local Analysis."

Apply the policy to the relevant access control policy.

This configuration ensures that the specified file types are analyzed locally, meeting the requirement to avoid sending them to Cisco Secure Malware Analytics.

[References:Cisco Secure Firewall Management Center Configuration Guide, Chapter on Malware and File Policies, , ]

Questions # 33:

An engineer wants to change an existing transparent Cisco FTD to routed mode.

The device controls traffic between two network segments. Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?

Options:

remove the existing dynamic routing protocol settings.

configure multiple BVIs to route between segments.

assign unique VLAN IDs to each firewall interface.

implement non-overlapping IP subnets on each segment.

Answer

Questions # 34:

A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?

Options:

Capacity handling

Local malware analysis

Spere analysis

Dynamic analysis

Answer

Questions # 35:

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

Options:

The Cisco FMC needs to include a SSL decryption policy.

The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

The Cisco FMC needs to connect with the FireAMP Cloud.

The Cisco FMC needs to include a file inspection policy for malware lookup.

Answer

D, E

Questions # 36:

An engineer must configure email notifications on Cisco Secure Firewall Management Center. TLS encryption must be used to protect the messages from unauthorized access. The engineer adds the IP address of the mail relay host and must set the port number. Which TCP port must the engineer use?

Options:

389

465

587

Answer

Questions # 37:

Remote users who connect via Cisco AnyConnect to the corporate network behind a Cisco FTD device report that they get no audio when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?

Options:

The hairpinning feature is not available on FTD.

Split tunneling is enabled for the Remote Access VPN on FTD

FTDhas no NAT policy that allows outside to outside communication

The Enable Spoke to Spoke Connectivity through Hub option is not selected on FTD.

Answer

Questions # 38:

Question # 38

Refer to the exhibit. An engineer analyzes a Network Risk Report from Cisco Secure Firewall Management Center. What should the engineer recommend implementing to mitigate the risk?

Options:

IP address and URL blacklisting

Trend analysis

Network-based detection

Virtual protection

Answer

Questions # 39:

Refer to the exhibit.

Question # 39

An organization has an access control rule with the intention of sending all social media traffic for inspection After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed What must be done to address this issue?

Options:

Modify the selected application within the rule

Change the intrusion policy to connectivity over security.

Modify the rule action from trust to allow

Add the social network URLs to the block list

Answer

Questions # 40:

A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing through the FTD. What additional configuration is needed?