300-710: Securing Networks with Cisco Firepower (300-710 SNCF) Part 2
Question #: 51
Topic #: 1
In which two places are thresholding settings configured? (Choose two.)
A. on each IPS rule
B. globally, within the network analysis policy
C. globally, per intrusion policy
D. on each access control rule
E. per preprocessor, within the network analysis policy
Selected Answer: AC
Question #: 52
Topic #: 1
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
A. Traffic inspection is interrupted temporarily when configuration changes are deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
Selected Answer: CE
Question #: 53
Topic #: 1
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
B. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
C. network-based objects that represent IP addresses and networks, port/protocol pairs, VLAN tags, security zones, and origin/destination country
D. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
E. reputation-based objects, such as URL categories
Selected Answer: BC
Question #: 54
Topic #: 1
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?
A. utilizing a dynamic ACP that updates from Cisco Talos
B. creating a unique ACP per device
C. utilizing policy inheritance
D. creating an ACP with an INSIDE_NET network object and object overrides
Selected Answer: D
Question #: 55
Topic #: 1
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
A. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
B. Create a flexconfig policy to use WCCP for application aware bandwidth limiting.
C. Create a QoS policy rate-limiting high bandwidth applications.
D. Create a VPN policy so that direct tunnels are established to the business applications.
Selected Answer: C
Question #: 56
Topic #: 1
An engineer configures an access control rule that deploys file policy configurations to security zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?
A. Source or destination security zones in the access control rule match the security zones that are associated with interfaces on the target devices.
B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
Selected Answer: A
Question #: 57
Topic #: 1
An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information? (Choose two.)
A. Intrusion Events
B. Correlation Information
C. Appliance Status
D. Current Sessions
E. Network Compliance
Selected Answer: AC
Question #: 58
Topic #: 1
There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to allow this visibility?
A. It prompts the need for a corporate managed certificate.
B. It will fail if certificate pinning is not enforced.
C. It has minimal performance impact.
D. It is not subject to any Privacy regulations.
Selected Answer: A
Question #: 59
Topic #: 1
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
A. Confirm that both devices are running the same software version.
B. Confirm that both devices are configured with the same types of interfaces.
C. Confirm that both devices have the same flash memory sizes.
D. Confirm that both devices have the same port-channel numbering.
Selected Answer: A
Question #: 60
Topic #: 1
An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
A. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
B. Tune the intrusion policies in order to allow the VPN traffic through without inspection.
C. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.
D. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.
Selected Answer: D
Question #: 61
Topic #: 1
An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
A. Prefilter
B. Intrusion
C. Access Control
D. Identity
Selected Answer: C
Question #: 62
Topic #: 1
A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?
A. malware analysis
B. dynamic analysis
C. sandbox analysis
D. Spero analysis
Selected Answer: B
Question #: 63
Topic #: 1
An engineer has been tasked with providing disaster recovery for an organization’s primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
A. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.
B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.
C. Configure high-availability in both the primary and secondary Cisco FMCs.
D. Place the active Cisco FMC device on the same trusted management network as the standby device.
Selected Answer: C
Question #: 64
Topic #: 1
An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco0391521107. Which command set must be used in order to accomplish this?
A. configure manager add ACME001
B. configure manager add ACME001
C. configure manager add ACME001
D. configure manager add DONTRESOLVE AMCE001
Selected Answer: A
Question #: 65
Topic #: 1
Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue?
A. Add the social network URLs to the block list.
B. Change the intrusion policy to connectivity over security.
C. Modify the selected application within the rule.
D. Modify the rule action from trust to allow.
Selected Answer: D
Question #: 66
Topic #: 1
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
A. Spero analysis
B. capacity handling
C. local malware analysis
D. dynamic analysis
Selected Answer: B
Question #: 67
Topic #: 1
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
A. Exclude load balancers and NAT devices.
B. Leave default networks.
C. Increase the number of entries on the NAT device.
D. Change the method to TCP/SYN.
Selected Answer: A
Question #: 68
Topic #: 1
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?
A. A manual NAT exemption rule does not exist at the top of the NAT table
B. An external NAT IP address is not configured
C. An external NAT IP address is configured to match the wrong interface
D. An object NAT exemption rule does not exist at the top of the NAT table
Selected Answer: A
Question #: 69
Topic #: 1
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?
A. The interfaces are being used for NAT for multiple networks
B. The administrator is adding interfaces of multiple types
C. The administrator is adding an interface that is in multiple zones
D. The interfaces belong to multiple interface groups
Selected Answer: B
Question #: 70
Topic #: 1
An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?
A. Modify the Cisco ISE authorization policy to deny this access to the user
B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
C. Add the unknown user in the Access Control Policy in Cisco FTD
D. Add the unknown user in the Malware & File Policy in Cisco FTD
Selected Answer: C
Question #: 71
Topic #: 1
What is the benefit of selecting the trace option for packet capture?
A. The option indicates whether the packet was dropped or successful.
B. The option indicates whether the destination host responds through a different path.
C. The option limits the number of packets that are captured.
D. The option captures details of each packet.
Selected Answer: A
Question #: 72
Topic #: 1
After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?
A. /etc/sf/DCMIB.ALERT
B. /sf/etc/DCEALERT.MIB
C. /etc/sf/DCEALERT.MIB
D. system/etc/DCEALERT.MIB
Selected Answer: C
Question #: 73
Topic #: 1
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?
A. configure coredump packet-engine enable
B. capture-traffic
C. capture
D. capture WORD
Selected Answer: D
Question #: 74
Topic #: 1
Which report template field format is available in Cisco FMC?
A. box lever chart
B. arrow chart
C. bar chart
D. benchmark chart
Selected Answer: B
Question #: 75
Topic #: 1
DRAG DROP –
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
Select and Place:
Suggestion Answer:
Question #: 76
Topic #: 1
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
A. system support firewall-engine-debug
B. system support ssl-debug
C. system support platform
D. system support dump-table
Selected Answer: B
Question #: 77
Topic #: 1
Which command-line mode is supported from the Cisco FMC CLI?
A. privileged
B. user
C. configuration
D. admin
Selected Answer: C
Question #: 78
Topic #: 1
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
A. show running-config
B. show tech-support chassis
C. system support diagnostic-cli
D. sudo sf_troubleshoot.pl
Selected Answer: D
Question #: 79
Topic #: 1
Which CLI command is used to control special handling of ClientHello messages?
A. system support ssl-client-hello-tuning
B. system support ssl-client-hello-display
C. system support ssl-client-hello-force-reset
D. system support ssl-client-hello-reset
Selected Answer: A
Question #: 80
Topic #: 1
Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?
A. configure high-availability resume
B. configure high-availability disable
C. system support network-options
D. configure high-availability suspend
Selected Answer: D
Question #: 81
Topic #: 1
Which command must be run to generate troubleshooting files on an FTD?
A. system support view-files
B. sudo sf_troubleshoot.pl
C. system generate-troubleshoot all
D. show tech-support
Selected Answer: C
Question #: 82
Topic #: 1
When is the file-size command needed while troubleshooting with packet capture?
A. when capture packets are less than 16 MB
B. when capture packets are restricted from the secondary memory
C. when capture packets exceed 10 GB
D. when capture packets exceed 32 MB
Selected Answer: D
Question #: 83
Topic #: 1
What is a functionality of port objects in Cisco FMC?
A. to mix transport protocols when setting both source and destination port conditions in a rule
B. to represent protocols other than TCP, UDP, and ICMP
C. to represent all protocols in the same way
D. to add any protocol other than TCP or UDP for source port conditions in access control rules.
Selected Answer: B
Question #: 84
Topic #: 1
A network engineer is configuring URL Filtering on Cisco FTD. Which two port requirements on the FMC must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. outbound port TCP/8080
D. inbound port TCP/443
E. outbound port TCP/80
Selected Answer: C
Question #: 85
Topic #: 1
What is the maximum bit size that Cisco FMC supports for HTTPS certificates?
A. 1024
B. 8192
C. 4096
D. 2048
Selected Answer: C
Question #: 86
Topic #: 1
Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC? (Choose two.)
A. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
B. Before re-adding the device in Cisco FMC, the manager must be added back.
C. Once a device has been deleted, it must be reconfigured before it is re-added to the Cisco FMC.
D. The Cisco FMC web interface prompts users to re-apply access control policies.
E. There is no option to re-apply NAT and VPN policies during registration available, so users need to re-apply the policies after registration is completed.
Selected Answer: DE
Question #: 87
Topic #: 1
What is a behavior of a Cisco FMC database purge?
A. User login and history data are removed from the database if the User Activity check box is selected.
B. Data is recovered from the device.
C. The appropriate process is restarted.
D. The specified data is removed from Cisco FMC and kept for two weeks.
Selected Answer: C
Question #: 88
Topic #: 1
An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network. What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?
A. Update the IP addresses from IPv4 to IPv6 without deleting from Cisco FMC.
B. Format and reregister the device to Cisco FMC.
C. Cisco FMC does not support devices that use IPv4 IP addresses.
D. Delete and reregister the device to Cisco FMC.
Selected Answer: D
Question #: 89
Topic #: 1
Refer to the exhibit. An engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network. How is the Firepower configuration updated to protect these new operating systems?
A. The administrator manually updates the policies.
B. The administrator requests a Remediation Recommendation Report from Cisco Firepower.
C. Cisco Firepower gives recommendations to update the policies.
D. Cisco Firepower automatically updates the policies.
Selected Answer: C
Question #: 90
Topic #: 1
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user. Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?
A. Current Sessions
B. Correlation Events
C. Current Status
D. Custom Analysis
Selected Answer: B
Question #: 91
Topic #: 1
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?
A. Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
B. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
C. Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
D. Use the system support network-options command to fine tune the policy.
Selected Answer: A
Question #: 92
Topic #: 1
An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?
A. reports
B. context explorer
C. dashboards
D. event viewer
Selected Answer: A
Question #: 93
Topic #: 1
A network administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
A. A "troubleshoot" file for the device in question.
B. A "show tech" file for the device in question.
C. A "troubleshoot" file for the Cisco FMC.
D. A "show tech" for the Cisco FMC.
Selected Answer: C
Question #: 94
Topic #: 1
A network engineer is receiving reports of users randomly getting disconnected from their corporate applications which traverse the data center FTD appliance. Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
A. Use the Packet Export feature to save data onto external drives.
B. Use the Packet Capture feature to collect real-time network traffic.
C. Use the Packet Tracer feature for traffic policy analysis.
D. Use the Packet Analysis feature for capturing network data.
Selected Answer: B
Question #: 95
Topic #: 1
An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?
A. by performing a packet capture on the firewall
B. by attempting to access it from a different workstation
C. by running Wireshark on the administrator’s PC
D. by running a packet tracer on the firewall
Selected Answer: A
Question #: 96
Topic #: 1
IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season so the need to maintain business uptime is high. Which report type should be used to gather this information?
A. Risk Report
B. SNMP Report
C. Standard Report
D. Malware Report
Selected Answer: C
Question #: 97
Topic #: 1
An administrator is setting up Cisco FirePower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?
A. Create a service identifier to enable the NetFlow service.
B. Add the NetFlow_Send_Destination object to the configuration.
C. Create a Security Intelligence object to send the data to Cisco Stealthwatch.
D. Add the NetFlow_Add_Destination object to the configuration.
Selected Answer: D
Question #: 98
Topic #: 1
With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?
A. Manually adjust the time to the correct hour on all managed devices.
B. Configure the system clock settings to use NTP with Daylight Savings checked.
C. Configure the system clock settings to use NTP.
D. Manually adjust the time to the correct hour on the Cisco FMC.
Selected Answer: C
Question #: 99
Topic #: 1
A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
A. Restart the affected devices in order to reset the configurations.
B. Redeploy configurations to affected devices so that additional memory is allocated to the SI module.
C. Replace the affected devices with devices that provide more memory.
D. Manually update the SI event entries so that the appropriate traffic is blocked.
Selected Answer: B
Question #: 100
Topic #: 1
Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?
A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
C. Create an access control policy rule to allow port 443 to only 172.1.1.50.
D. Create an access control policy rule to allow port 80 to only 172.1.1.50.
Selected Answer: B