Pass 300-710 SNCF in Just 3 Days – Stress-Free!
Get your 300-710 Securing Networks with Cisco Firepower certification with 100% pass guarantee. Pay only after passing!
Click here to secure your guaranteed certification now!
Have questions? Contact us directly on WhatsApp for quick support!
Question 331
Refer to the exhibit. An engineer is configuring a high-availability solution that has the hardware devices and software versions:
- Two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)
- One Cisco Secure Firewall Threat Defense with 6.0 1 1 (build 1023)
- One Cisco Secure Firewall Management Center with SW 6.0.1.1 (build 1023)
Which condition must be met to complete the high-availability configuration?
- A. Both firewalls must be in transparent mode
- B. The version numbers must have the same patch number
- C. DHCP must be configured on at least one firewall interface.
- D. Both firewalls must have the same number of interfaces
Correct Answer: D
Question 332
An engineer is deploying a Cisco Secure Firewall Management Center appliance. The company must send data to Cisco Secure Network Analytics appliances. Which two actions must the engineer take? (Choose two.)
- A. Create a service identifier to enable the NetFlow service.
- B. Add the Netflow_Send_Destination object to the configuration.
- C. Add the Netflow_Set Parameters object to the configuration.
- D. Add the Netflow_Add_Destination object to the configuration.
Correct Answer: C, D
Question 333
A network administrator is trying to configure a previously created file policy on a new access policy. Which action must the administrator take before applying the file policy?
- A. Create a new access control rule.
- B. Apply an application to an access control rule.
- C. Set up an inspection policy.
- D. Assign the file policy to the default action.
Correct Answer: D
Question 334
A security engineer must add a new policy to block UDP traffic to one server. The engineer adds a new object. Which action must the engineer take next to identify all the UDP ports?
- A. Specify the transport protocol and leave the port number empty.
- B. Define the transport protocol and the mandatory port range.
- C. Add the transport number and specify the type and code.
- D. Add the corresponding IP protocol number for UDP and TCP.
Correct Answer: D
Question 335
Refer to the exhibit. An engineer is configuring access control rules on a Cisco Secure Firewall Threat Defense device. The access control rules must include a file policy with rules that will trigger when MSEXE files are accessed. Which two actions must be configured in the access rule?
- A. Block files with reset
- B. Interactive block
- C. Monitor
- D. Allow
- E. Trust
Correct Answer: A, C
Question 336
An engineer must deny ICMP traffic to the networks of separate departments that use Cisco Secure Firewall Management Center. The engineer must use the same object on the relevant device for each network. What must be configured in Secure Firewall Management Center?
- A. Allow Overrides check box
- B. Deny ICMP check box
- C. IP address
- D. IP range
Correct Answer: B
Question 337
Refer to the exhibit. An engineer is deploying a new instance of Cisco Secure Firewall Threat Defense. Which action must the engineer take next so that Client_A and Client B receive an IP address via DHCP from Server A?
- A. Disable all the DHCP Snort rules by using Secure Firewall Device Manager.
- B. Add another DHCP pool on Server A with DHCP relay on Secure Firewall Threat Defense.
- C. Disable Option 82 in the DHCP relay configuration properties using Secure Firewall Management Center.
- D. Add access rules that allow DHCP traffic by using Cisco Secure Firewall Management Center.
Correct Answer: D
Question 338
A VPN administrator converted an instance of Cisco Secure Firewall Threat Defense, which is managed by Cisco Secure Firewall Management Center, from using LDAP to LDAPS for remote access VPN authentication. Which certificate must be added to allow for remote users to authenticate over the VPN?
- A. Secure Firewall Threat Defense certificate must be added to the LDAPS server.
- B. LDAPS server certificate must be added to Secure Firewall Management Center realms.
- C. Secure Firewall Management Center certificate must be added to the LDAPS server.
- D. LDAPS server certificate must be added to Secure Firewall Threat Defense.
Correct Answer: D
Question 339
A network administrator is configuring a transparent Cisco Secure Firewall Threat Defense registered to a Cisco Secure Firewall Management Center. The administrator wants to configure the Secure Firewall Threat Defense to allow ARP traffic to pass between two interfaces of a bridge group. What must be configured?
- A. Use the default configuration on the devices.
- B. An access policy must allow MAC address 0100.0CCC.CCCD.
- C. ARP inspection must be disabled.
- D. An access policy must allow MAC address FFFF.FFFF.FFFF.
Correct Answer: D
Question 340
A network administrator manages a network with multiple firewalls in a data center. The administrator must change a next-generation firewall from routed to transparent mode. Which action must the administrator take to meet the requirement?
- A. Deregister the firewall in Cisco Secure Firewall Management Center.
- B. Enter the configure firewall transparent command from the CLI.
- C. Manually delete the interface configuration from the CLI.
- D. Create one or more bridge groups from the CLI.
Correct Answer: D