300-710 SNCF (Securing Networks with Cisco Firepower)
Question 51
In which two places are thresholding settings configured? (Choose two.)
- A. On each IPS rule
- B. Globally, within the network analysis policy
- C. Globally, per intrusion policy
- D. On each access control rule
- E. Per preprocessor, within the network analysis policy
Correct Answer: A, C
Question 52
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
- A. Traffic inspection is interrupted temporarily when configuration changes are deployed.
- B. The system performs intrusion inspection followed by file inspection.
- C. They block traffic based on Security Intelligence data.
- D. File policies use an associated variable set to perform intrusion prevention.
- E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
Correct Answer: C, E
Question 53
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
- A. Dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
- B. Reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists.
- C. Network-based objects that represent IP addresses and networks, VLAN tags, security zones, and origin/destination country.
- D. Port/protocol pairs, network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones, and origin/destination country.
- E. Reputation-based objects, such as URL categories.
Correct Answer: B, C
Question 54
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?
- A. Utilizing a dynamic ACP that updates from Cisco Talos
- B. Creating a unique ACP per device
- C. Utilizing policy inheritance
- D. Creating an ACP with an INSIDE_NET network object and object overrides
Correct Answer: D
Question 55
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
- A. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
- B. Create a FlexConfig policy to use WCCP for application-aware bandwidth limiting.
- C. Create a QoS policy rate-limiting high-bandwidth applications.
- D. Create a VPN policy so that direct tunnels are established to the business applications.
Correct Answer: C
Question 56
An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?
- A. Source or destination security zones in the access control rule match the security zones that are associated with interfaces on the target devices.
- B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
- C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
- D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
Correct Answer: D
Question 57
An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat- and security-related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information?
- A. Intrusion Events
- B. Correlation Information
- C. Appliance Status
- D. Current Sessions
- E. Network Compliance
Correct Answer: A, C
Question 58
There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to allow this visibility?
- A. It prompts the need for a corporate managed certificate.
- B. It will fail if certificate pinning is not enforced.
- C. It has minimal performance impact.
- D. It is not subject to any privacy regulations.
Correct Answer: C
Question 59
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
- A. Confirm that both devices are running the same software version.
- B. Confirm that both devices are configured with the same types of interfaces.
- C. Confirm that both devices have the same flash memory sizes.
- D. Confirm that both devices have the same port-channel numbering.
Correct Answer: C
Question 60
An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
- A. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
- B. Tune the intrusion policies in order to allow the VPN traffic through without inspection.
- C. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.
- D. Enable a FlexConfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.
Correct Answer: D