300-710 SNCF: Securing Networks with Cisco Firepower
Question 151
An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic. How would the engineer achieve this?
- A. Configure Cisco Firepower as a transparent firewall.
- B. Set up Cisco Firepower as managed by Cisco FDM.
- C. Configure Cisco Firepower in FXOS monitor only mode.
- D. Set up Cisco Firepower in intrusion prevention mode.
Correct Answer: A
Question 152
Which firewall design will allow it to forward traffic at layers 2 and 3 for the same subnet?
- A. Routed mode
- B. Cisco Firepower Threat Defense mode
- C. Transparent mode
- D. Integrated routing and bridging
Correct Answer: D
Question 153
An organization is configuring a new Cisco Firepower High Availability deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
- A. Set the same FQDN for both chassis.
- B. Set up a virtual failover MAC address between chassis.
- C. Load the same software version on both chassis.
- D. Use a dedicated stateful link between chassis.
Correct Answer: D
Question 154
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
- A. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in the Access Policies section by checking the “Drop when inline” option.
- B. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in the Access Policies section by unchecking the “Drop when inline” option.
- C. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in the Access Policies section by checking the “Drop when inline” option.
- D. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in the Access Policies section by unchecking the “Drop when inline” option.
Correct Answer: D
Question 155
An engineer is using the configure manager add Cisc404225383 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why is this occurring?
- A. DONOTRESOLVE must be added to the command.
- B. The IP address used should be that of the Cisco FTD, not the Cisco FMC.
- C. The registration key is missing from the command.
- D. The NAT ID is required since the Cisco FMC is behind a NAT device.
Correct Answer: C
Question 156
An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?
- A. Inter-chassis clustering VLAN
- B. Cisco ISE Security Group Tag
- C. Interface-based VLAN switching
- D. Integrated routing and bridging
Correct Answer: D
Question 157
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)
- A. Edit the HTTP request handling in the access control policy to customize the block.
- B. Modify the system-provided block page result using Python.
- C. Create HTML code with the information for the policies and procedures.
- D. Change the HTTP response in the access control policy to custom.
- E. Write CSS code with the information for the policies and procedures.
Correct Answer: C, D
Question 158
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
- A. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.
- B. Send Cisco FTD connection events and security events directly to a SIEM system for storage and analysis.
- C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.
- D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.
Correct Answer: A
Question 159
A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?
- A. Only Spero file analysis is enabled.
- B. The Cisco FMC cannot reach the Internet to analyze files.
- C. A file policy has not been applied to the access policy.
- D. The malware license has not been applied to the Cisco FTD.
Correct Answer: B
Question 160
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
- A. Configure the Cisco FTD firewall in routed mode with NAT enabled.
- B. Configure the upstream router to perform NAT.
- C. Configure the Cisco FTD firewall in transparent mode with NAT enabled.
- D. Configure the downstream router to perform NAT.
Correct Answer: A