300-710: Securing Networks with Cisco Firepower (300-710 SNCF) Part 3
Question #: 101
Topic #: 1
A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?
A. Use packet-tracer to ensure that traffic is not being blocked by an access list
B. Use packet capture to ensure that traffic is not being blocked by an access list
C. Use packet capture to validate that the packet passes through the firewall and is NATed to the correct IP address
D. Use packet-tracer to validate that the packet passes through the firewall and is NATed to the correct IP address
Selected Answer: A
Question #: 102
Topic #: 1
A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?
A. Uncheck the “Drop when Inline” box in the intrusion policy to allow the traffic
B. Modify the Snort rules to allow legitimate DNS traffic to the VPN users
C. Disable the intrusion rule thresholds to optimize the Snort processing
D. Decrypt the packet after the VPN flow so the DNS queries are not inspected
Selected Answer: B
Question #: 103
Topic #: 1
An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to its destination?
A. It is retransmitted from the Cisco IPS inline set
B. The packets are duplicated and a copy is sent to the destination
C. It is transmitted out of the Cisco IPS outside interface
D. It is routed back to the Cisco ASA interfaces for transmission
Selected Answer: A
Question #: 104
Topic #: 1
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
A. Use traceroute with advanced options
B. Use Wireshark with an IP subnet filter
C. Use a packet capture with match criteria
D. Use a packet sniffer with correct filtering
Selected Answer: C
Question #: 105
Topic #: 1
An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?
A. flexconfig object for NetFlow
B. interface object to export NetFlow
C. security intelligence object for NetFlow
D. variable set object for NetFlow
Selected Answer: A
Question #: 106
Topic #: 1
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?
A. redundant interfaces on the firewall cluster mode and switches
B. redundant interfaces on the firewall noncluster mode and switches
C. vPC on the switches to the interface mode on the firewall cluster
D. vPC on the switches to the span EtherChannel on the firewall cluster
Selected Answer: D
Question #: 107
Topic #: 1
A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?
A. The value of the highest MTU assigned to any non-management interface was changed
B. The value of the highest MSS assigned to any non-management interface was changed
C. A passive interface was associated with a security zone
D. Multiple inline interface pairs were added to the same inline interface
Selected Answer: A
Question #: 108
Topic #: 1
A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?
A. Enable the FXOS for multi-instance
B. Configure a prefilter policy
C. Configure modular policy framework
D. Disable TCP inspection
Selected Answer: D
Question #: 109
Topic #: 1
A network engineer is tasked with minimizing traffic interruption during peak traffic times. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?
A. Enable IPS inline link state propagation
B. Enable Pre-filter policies before the SNORT engine failure
C. Set a Trust ALL access control policy
D. Enable Automatic Application Bypass
Selected Answer: D
Question #: 110
Topic #: 1
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
A. application blocking
B. simple custom detection
C. file repository
D. exclusions
E. application allow listing
Selected Answer: BC
Question #: 111
Topic #: 1
Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?
A. Windows domain controller
B. audit
C. triage
D. protection
Selected Answer: A
Question #: 112
Topic #: 1
What is a valid Cisco AMP file disposition?
A. non-malicious
B. malware
C. known-good
D. pristine
Selected Answer: B
Question #: 113
Topic #: 1
In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?
A. unavailable
B. unknown
C. clean
D. disconnected
Selected Answer: A
Question #: 114
Topic #: 1
Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)
A. dynamic null route configured
B. DHCP pool disablement
C. quarantine
D. port shutdown
E. host shutdown
Selected Answer: CD
Question #: 115
Topic #: 1
Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?
A. pxGrid
B. FTD RTC
C. FMC RTC
D. ISEGrid
Selected Answer: A
Question #: 116
Topic #: 1
What is the maximum SHA level of filtering that Threat Intelligence Director supports?
A. SHA-1024
B. SHA-4096
C. SHA-512
D. SHA-256
Selected Answer: A
Question #: 117
Topic #: 1
What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog?
A. Firepower devices do not need to be connected to the Internet.
B. An on-premises proxy server does not need to be set up and maintained.
C. All types of Firepower devices are supported.
D. It supports all devices that are running supported versions of Firepower.
Selected Answer: A
Question #: 118
Topic #: 1
Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?
A. apex
B. plus
C. base
D. mobility
Selected Answer: B
Question #: 119
Topic #: 1
What is a feature of Cisco AMP private cloud?
A. It disables direct connections to the public cloud.
B. It supports security intelligence filtering.
C. It supports anonymized retrieval of threat intelligence.
D. It performs dynamic analysis.
Selected Answer: A
Question #: 120
Topic #: 1
Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking malware in network traffic?
A. intrusion and file events
B. Cisco AMP for Networks
C. file policies
D. Cisco AMP for Endpoints
Selected Answer: C
Question #: 121
Topic #: 1
A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event; however, the user still remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?
A. Malware Cloud Lookup
B. Reset Connection
C. Detect Files
D. Local Malware Analysis
Selected Answer: B
Question #: 122
Topic #: 1
An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two.)
A. The Cisco FMC needs to include an SSL decryption policy.
B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
D. The Cisco FMC needs to connect with the FireAMP Cloud.
E. The Cisco FMC needs to include a file inspection policy for malware lookup.
Selected Answer: DE
Question #: 123
Topic #: 1
A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?
A. Enable Rapid Threat Containment using REST APIs.
B. Enable Rapid Threat Containment using STIX and TAXII.
C. Enable Threat Intelligence Director using REST APIs.
D. Enable Threat Intelligence Director using STIX and TAXII.
Selected Answer: D
Question #: 124
Topic #: 1
A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?
A. Add the hash to the simple custom detection list
B. Use regular expressions to block the malicious file
C. Enable a personal firewall in the infected endpoint
D. Add the hash from the infected endpoint to the network block list
Selected Answer: A
Question #: 125
Topic #: 1
A network administrator is concerned about the high number of malware files affecting users’ machines. What must be done within the access control policy in Cisco FMC to address this concern?
A. Create an intrusion policy and set the access control policy to block
B. Create an intrusion policy and set the access control policy to allow
C. Create a file policy and set the access control policy to allow
D. Create a file policy and set the access control policy to block
Selected Answer: D
Question #: 126
Topic #: 1
Within an organization’s high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?
A. redundant interfaces
B. span EtherChannel clustering
C. high availability active/standby firewalls
D. multi-instance firewalls
Selected Answer: C
Question #: 127
Topic #: 1
A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?
A. Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC
B. Shut down the active Cisco FTD device before powering up the replacement unit
C. Shut down the Cisco FMC before powering up the replacement unit
D. Unregister the faulty Cisco FTD device from the Cisco FMC
Selected Answer: A
Question #: 128
Topic #: 1
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?
A. high availability clustering
B. active/active failover
C. transparent
D. routed
Selected Answer: C
Question #: 129
Topic #: 1
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?
A. Configure a container instance in the Cisco FTD for each context in the Cisco ASA.
B. Add the Cisco FTD device to the Cisco ASA port channels.
C. Configure the Cisco FTD to use port channels spanning multiple networks.
D. Add a native instance to distribute traffic to each Cisco FTD context.
Selected Answer: A
Question #: 130
Topic #: 1
An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the Internet. Which configuration will meet this requirement?
A. transparent firewall mode with IRB only
B. routed firewall mode with BVI and routed interfaces
C. transparent firewall mode with multiple BVIs
D. routed firewall mode with routed interfaces only
Selected Answer: C
Question #: 131
Topic #: 1
A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?
A. failsafe
B. inline tap
C. promiscuous
D. bypass
Selected Answer: B
Question #: 132
Topic #: 1
A network administrator is implementing an active/passive high availability Cisco FTD pair. When adding the high availability pair, the administrator cannot select the secondary peer. What is the cause?
A. The second Cisco FTD is not the same model as the primary Cisco FTD.
B. A high availability license must be added to the Cisco FMC before adding the high availability pair.
C. The failover link must be defined on each Cisco FTD before adding the high availability pair.
D. Both Cisco FTD devices are not at the same software version.
Selected Answer: A
Question #: 133
Topic #: 1
An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?
A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.
C. The Cisco FTD must be in routed mode to process ERSPAN traffic.
D. The Cisco FTD must be configured with an ERSPAN port not a passive port.
Selected Answer: C
Question #: 134
Topic #: 1
What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?
A. Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.
B. The interfaces disable autonegotiation and the interface speed is hard-coded to 1000 Mbps.
C. Allows traffic inspection to continue without interruption during the Snort process restart.
D. The interfaces are automatically configured as a media-independent interface crossover.
Selected Answer: A
Question #: 135
Topic #: 1
A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up the high availability pair?
A. An IP address in the same subnet must be added to each Cisco FTD on the interface.
B. The interface name must be removed from the interface on each Cisco FTD.
C. The name Failover must be configured manually on the interface on each Cisco FTD.
D. The interface must be configured as part of a LACP Active/Active EtherChannel.
Selected Answer: B
Question #: 136
Topic #: 1
Which firewall design will allow it to forward traffic at layers 2 and 3 for the same subnet?
A. routed mode
B. Cisco Firepower Threat Defense mode
C. transparent mode
D. integrated routing and bridging
Selected Answer: A
Question #: 137
Topic #: 1
An organization is configuring a new Cisco Firepower High Availability deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
A. Set the same FQDN for both chassis.
B. Set up a virtual failover MAC address between chassis.
C. Load the same software version on both chassis.
D. Use a dedicated stateful link between chassis.
Selected Answer: B
Question #: 138
Topic #: 1
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
A. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the “Drop when inline” option.
B. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the “Drop when inline” option.
C. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the “Drop when inline” option.
D. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the “Drop when inline” option.
Selected Answer: B
Question #: 139
Topic #: 1
An engineer is using the configure manager add Cisc404225383 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why is this occurring?
A. DONOTRESOLVE must be added to the command
B. The IP address used should be that of the Cisco FTD, not the Cisco FMC
C. The registration key is missing from the command
D. The NAT ID is required since the Cisco FMC is behind a NAT device
Selected Answer: D
Question #: 140
Topic #: 1
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)
A. Edit the HTTP request handling in the access control policy to customized block
B. Modify the system-provided block page result using Python
C. Create HTML code with the information for the policies and procedures
D. Change the HTTP response in the access control policy to custom
E. Write CSS code with the information for the policies and procedures
Selected Answer: CD
Question #: 141
Topic #: 1
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
A. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis
B. Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis
C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis
D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis
Selected Answer: A
Question #: 142
Topic #: 1
A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?
A. Only Spero file analysis is enabled.
B. The Cisco FMC cannot reach the Internet to analyze files.
C. A file policy has not been applied to the access policy.
D. The malware license has not been applied to the Cisco FTD.
Selected Answer: A
Question #: 143
Topic #: 1
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
A. Configure the Cisco FTD firewall in routed mode with NAT enabled.
B. Configure the upstream router to perform NAT.
C. Configure the Cisco FTD firewall in transparent mode with NAT enabled.
D. Configure the downstream router to perform NAT.
Selected Answer: A
Question #: 144
Topic #: 1
A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth. Which malware action and protection option should be configured to reduce the requirement for cloud lookups?
A. Block File action and local malware analysis
B. Malware Cloud Lookup and dynamic analysis
C. Block Malware action and dynamic analysis
D. Block Malware action and local malware analysis
Selected Answer: D
Question #: 145
Topic #: 1
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?
A. Install the static backup route and modify the metric to be less than the primary route
B. Use a default route in the FMC instead of having multiple routes contending for priority
C. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated
D. Create the backup route and use route tracking on both routes to a destination IP address in the network
Selected Answer: D
Question #: 146
Topic #: 1
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX, but instead uses a .txt file format. Which action ensures that regular updates are provided?
A. Add a URL source and select the flat file type within Cisco FMC.
B. Add a TAXII feed source and input the URL for the feed.
C. Upload the .txt file and configure automatic updates using the embedded URL.
D. Convert the .txt file to STIX and upload it to the Cisco FMC.
Selected Answer: A
Question #: 147
Topic #: 1
An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?
A. Cisco ISE Security Group Tag
B. Automatic Application Bypass
C. Inspect Local Traffic Bypass
D. Fast-Path Rules Bypass
Selected Answer: B
Question #: 148
Topic #: 1
An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?
A. Include all URLs from CRL Distribution Points.
B. Use Subject Common Name value.
C. Specify all subdomains in the object group.
D. Specify the protocol in the object.
Selected Answer: B
Question #: 149
Topic #: 1
A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC. Which action must the administrator take to enable this feature on the Cisco FTD?
A. Configure EIGRP parameters using FlexConfig objects.
B. Add the command feature eigrp via the FTD CLI.
C. Create a custom variable set and enable the feature in the variable set.
D. Enable advanced configuration options in the FMC.
Selected Answer: A
Question #: 150
Topic #: 1
A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?
A. Network Analysis policy
B. Identity policy
C. Prefilter policy
D. Intrusion policy
Selected Answer: C