Pass 300-710 SNCF in Just 3 Days – Stress-Free!
Get your 300-710 Securing Networks with Cisco Firepower certification with 100% pass guarantee. Pay only after passing!
Click here to secure your guaranteed certification now!
Have questions? Contact us directly on WhatsApp for quick support!
Question 321
Refer to the exhibit. A Cisco Secure Firewall Threat Defense (FTD) device is deployed in inline mode with an inline set. The network engineer wants router R2 to remove the directly connected route 192.168.1.0/24 from its routing table when the cable between router R1 and the Secure FTD device is disconnected. Which action must the engineer take?
- A. Implement the Propagate Link State option on the Secure FTD device.
- B. Implement autostate functionality on the Gi0/2 interface of R2.
- C. Establish a routing protocol between R1 and R2.
- D. Disable hardware bypass on the Secure FTD device.
Correct Answer: D
Question 322
A network administrator is trying to configure an access rule to allow access to a specific banking site over HTTPS but not HTTP. Which method must the administrator use to meet the requirement?
- A. Enable SSL decryption and specify the URL.
- B. Block the category of banking and define the application of WWW.
- C. Define the URL to be blocked and set the application to HTTP.
- D. Define the URL to be blocked and disable SSL inspection.
Correct Answer: C
Question 323
Refer to the exhibit. A company is deploying a pair of Cisco Secure Firewall Threat Defense devices named FTDI and FTD2. FTD1 and FTD2 have been configured as an active/standby pair with a failover link but without a stateful link. What must be implemented next to ensure that users on the internal network still communicate with outside devices if FTD1 fails?
- A. Disable port security on the switch interfaces connected to FTD1 and FTD2.
- B. Connect and configure a stateful link and then deploy the changes.
- C. Configure the spanning-tree PortFast feature on SW1 and FTD2.
- D. Set maximum secured addresses to two on the switch interfaces on FTD1 and FTD2.
Correct Answer: B
Question 324
Network users experience issues when accessing a server on a different network segment. An engineer investigates the issue by performing packet capture on Cisco Secure Firewall Threat Defense. The engineer expects more data and suspects that not all the traffic was collected during a 15-minute capture session. Which action must the engineer take to resolve the issue?
- A. Forward the captured data to an FTP server.
- B. Increase the amount of RAM allocated for the capture.
- C. Ensure that the allocated memory is sufficient.
- D. Provide a file name to save the data.
Correct Answer: C
Question 325
Which action must be taken to configure an isolated bridge group for IRB mode on a Cisco Secure Firewall device?
- A. Leave BVI interface name empty.
- B. Remove the route from the routing table.
- C. Add the restricted segment to the ACL.
- D. Define the NAT pool for the blocked traffic.
Correct Answer: B
Question 326
Refer to the exhibit. An engineer generates troubleshooting files in Cisco Secure Firewall Management Center (FMC). A successfully completed task is removed before the files are downloaded. Which two actions must be taken to determine the filename and obtain the generated troubleshooting files without regenerating them? (Choose two.)
- A. Connect to CLI on the FTD67 and FTD68 devices and copy the files from flash to the FTP server.
- B. Go to expert mode on Secure FMC, list the contents of /var/common, and determine the correct filename from the output.
- C. Use an FTP client in expert mode on Secure FMC to upload the files to the FTP server.
- D. Go to the same screen as shown in the exhibit, click Advanced Troubleshooting, enter the filename, and then start the download.
- E. Click System, Monitoring, then Audit to determine the correct filename from the line containing the Generate Troubleshooting Files string.
Correct Answer: B, D
Question 327
An administrator is configuring a new report template off of a saved search within Cisco Secure Firewall Management Center. The goal is to use the malware analysis report template, but use a different type of saved search as the basis. The report is not working. What must be considered when configuring this report template?
- A. Saved searches from a different report template must be used.
- B. Saved searches must be renamed before using for different report template.
- C. Saved searches are available freely for all report templates within the same domain.
- D. Saved searches can be used for the same report template only.
Correct Answer: D
Question 328
An engineer is deploying a Cisco ASA Secure Firewall module. The engineer must be able to examine traffic without impacting the network, and the ASA has been deployed with a single context. Which ASA Secure Firewall module deployment mode must be implemented to meet the requirements?
- A. Routed mode with inline tap monitor-only mode
- B. Transparent mode with passive monitor-only mode
- C. Transparent mode with inline tap monitor-only mode
- D. Routed mode with passive monitor-only mode
Correct Answer: B
Question 329
An engineer is setting up a new Cisco Secure Firewall Threat Defense appliance to replace the current firewall. The company requests that inline sets be used and that when one interface in an inline set goes down, the second interface in the inline set goes down. What must the engineer configure to meet the deployment requirements?
- A. Propagate link state
- B. Snort fail open
- C. Inline tap mode
- D. Strict TCP enforcement
Correct Answer: A
Question 330
An engineer must implement Cisco Secure Firewall transparent mode due to a new server recently being added that must communicate with an existing server that is currently separated by the firewall. Which implementation action must be taken next by the engineer to accomplish the goal?
- A. Configure the same default gateway for both servers.
- B. Ensure that both servers are in the same bridge domain.
- C. Enable both servers to share the same VXLAN segment.
- D. Assign the same subnet to both servers.
Correct Answer: B