Pass 300-710 SNCF in Just 3 Days – Stress-Free!
Get your 300-710 Securing Networks with Cisco Firepower certification with 100% pass guarantee. Pay only after passing!
Click here to secure your guaranteed certification now!
Have questions? Contact us directly on WhatsApp for quick support!
Question 191
Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?
- A. Malware Report
- B. Host Report
- C. Firepower Report
- D. Network Report
Correct Answer: D
Question 192
An engineer is investigating connectivity problems on Cisco Firepower for a specific SGT. Which command allows the engineer to capture real packets that pass through the firewall using an SGT of 64?
- A. capture CAP type inline-tag 64 match ip any any
- B. capture CAP match 64 type inline-tag ip any any
- C. capture CAP headers-only type inline-tag 64 match ip any any
- D. capture CAP buffer 64 match ip any any
Correct Answer: D
Question 193
A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules to detect only critical conditions and avoid false positives?
- A. Connectivity Over Security
- B. Balanced Security and Connectivity
- C. Maximum Detection
- D. No Rules Active
Correct Answer: D
Question 194
An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair. The currently deployed Cisco FTD device is using local management and identical hardware including the available port density to enable the failover and stateful links required in a proper high availability deployment. Which action ensures that the environment is ready to pair the new Cisco FTD with the old one?
- A. Change from Cisco FDM management to Cisco FMC management on both devices and register them to FMC.
- B. Ensure that the two devices are assigned IP addresses from the 169.254.0.0/16 range for failover interfaces.
- C. Factory reset the current Cisco FTD so that it can synchronize configurations with the new Cisco FTD device.
- D. Ensure that the configured DNS servers match on the two devices for name resolution.
Correct Answer: A
Question 195
Refer to the exhibit. What is the effect of the existing Cisco FMC configuration?
- A. The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.
- B. The managed device is deleted from the Cisco FMC.
- C. The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes a plain-text communication channel.
- D. The management connection between the Cisco FMC and the Cisco FTD is disabled.
Correct Answer: D
Question 196
Remote users who connect via Cisco AnyConnect to the corporate network behind a Cisco FTD device report that they get no audio when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?
- A. FTD has no NAT policy that allows outside to outside communication.
- B. Split tunneling is enabled for the Remote Access VPN on FID.
- C. The hairpinning feature is not available on FTD.
- D. The Enable Spoke to Spoke Connectivity through Hub option is not selected on FTD.
Correct Answer: C
Question 197
A network administrator is troubleshooting access to a website hosted behind a Cisco FTD device. External clients cannot access the web server via HTTPS. The IP address configured on the web server is 192.168.7.46. The administrator is running the command capture CAP interface outside match ip any 192.168.7.46 255.255.255.255 but cannot see any traffic in the capture. Why is this occurring?
- A. The capture must use the public IP address of the web server.
- B. The packet capture shows only blocked traffic.
- C. The FTD has no route to the web server.
- D. The access policy is blocking the traffic.
Correct Answer: C
Question 198
An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets this requirement?
- A. Set to passive, and configure an access control policy with an intrusion policy and a file policy defined.
- B. Set to passive, and configure an access control policy with a prefilter policy defined.
- C. Set to none, and configure an access control policy with an intrusion policy and a file policy defined.
- D. Set to none, and configure an access control policy with a prefilter policy defined.
Correct Answer: A
Question 199
An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 1234.5678.901 to help troubleshoot a connectivity issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?
- A. -w capture.pcap -s 1518 host 192.168.100.100 ether
- B. -w capture.pcap -s 1518 host 192.168.100.100 mac
- C. -nm src 192.168.100.100
- D. -ne src 192.168.100.100
Correct Answer: D
Question 200
What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?
- A. Add at least two container instances from the same module.
- B. Set up a cluster control link between all logical devices.
- C. Define VLAN subinterfaces for each logical device.
- D. Add one shared management interface on all logical devices.
Correct Answer: D