Pass 300-710 SNCF in Just 3 Days – Stress-Free!
Get your 300-710 Securing Networks with Cisco Firepower certification with 100% pass guarantee. Pay only after passing!
Click here to secure your guaranteed certification now!
Have questions? Contact us directly on WhatsApp for quick support!
Question 361
What is an attribute of the risk reporting capability in Cisco Secure Firewall Management Center?
- A. Includes all domains in a multidomain system
- B. Uses the XML format to export all reporting
- C. Includes the current domain in a multidomain system
- D. Uses the same templates available to standard reports
Correct Answer: C
Question 362
An engineer is configuring a multidomain instance of Cisco Secure Firewall Management Center. The instance must be integrated with Cisco Secure Endpoint. What must the engineer configure to allow multiple domains to have hosts with the same IP-MAC address pairs?
- A. Global domain
- B. Leaf domain
- C. Second-level domain
- D. Subdomain
Correct Answer: A
Question 363
An engineer must configure high availability on two Cisco Secure Firewall Threat Defense appliances. Drag and drop the configuration steps from the left into the sequence on the right.
Question 364
Refer to the exhibit. An engineer must import three network objects into the Cisco Secure Firewall Management Center by using a CSV file. Which header must be configured in the CSV file to accomplish the task?
- A. NAME;DESCRIPTION;TYPE;VALUE;LOOKUP;
- B. Name;Description;Type; Value;Lookup;
- C. Name;Description;Type; Value; DN;
- D. NAME;DESCRIPTION;TYPE;VALUE:DN;
Correct Answer: C
Question 365
An administrator configures a Cisco Secure Firewall Threat Defense device in transparent mode. To configure the BVI, the administrator must:
- add a bridge-group interface
- configure a bridge-group ID
- configure the bridge-group interface description
- add bridge-group member interfaces
How must the engineer perform these actions?
- A. Configure a name for the bridge-group interface.
- B. Set a security zone for the bridge-group interface.
- C. Set the bridge-group interface mode to transparent.
- D. Configure an IP address for the bridge-group interface.
Correct Answer: D
Question 366
An engineer is configuring two new Cisco Secure Firewall Threat Defense devices to replace the existing firewalls. Network traffic must be analyzed for intrusion events without impacting the traffic. What must the engineer implement next to accomplish the goal?
- A. Passive mode
- B. Inline Pair in Tap mode
- C. ERSPAN Passive mode
- D. Inline Pair mode
Correct Answer: A
Question 367
Which two solutions are used to access and view aggregated log data from the firewalls using Cisco Security Analytics and Logging? (Choose two.)
- A. Cisco Catalyst Center
- B. Secure Cloud Analytics
- C. Cisco Prime Infrastructure
- D. Cisco Defense Orchestrator
- E. Cisco Secure Network Analytics
Correct Answer: B, D
Question 368
Refer to the exhibit. A Cisco Secure Firewall Management Center, 7.0 device fails to receive intelligence feed updates. The Cisco Secure Firewall Management Center is configured to use a proxy server that performs SSL inspection. Which action allows the Cisco Secure Firewall Management Center device to download the intelligence feed updates?
- A. Ensure that proxy authentication is disabled for the Cisco Secure Firewall Management Center device.
- B. Verify that the proxy server can use HTTPS to communicate to the internet.
- C. Bypass the proxy server for intelligence sourcefire.com.
- D. Install a self-signed certificate on the proxy server for intelligence sourfire.com.
Correct Answer: C
Question 369
Refer to the exhibit. Users attempt to connect to numerous external resources on various TCP ports. If the users mistype the port, their connection closes immediately, and it takes more than one minute before the connection is torn down. An engineer manages to capture both types of connections as shown in the exhibit. What must the engineer configure to lower the timeout values for the second group of connections and resolve the user issues?
- A. outbound access rule that allows the entire ICMP protocol suite.
- B. nbound access rule that allows ICMP Type 3 from outside.
- C. outbound access rule with the Block with reset action.
- D. inbound access rule that allows TCP reset packets from outside.
Correct Answer: C
Question 370
An engineer must implement static route tracking on a Cisco Secure Firewall Threat Defense appliance. Static route and IP SLA operation has already been configured. Static route must be removed from the routing table if the tracked object is unreachable. Which action must the engineer take next to meet the requirement?
- A. Assign a tracking object to the static route and the IP SLA operation.
- B. Enable an ICMP redirect message on the interface connected to the backup path.
- C. Implement a secondary route that has a higher precedence.
- D. Enable the IP SLA Responder on the backup path interface.
Correct Answer: A