Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-710
  5. Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with ValidTests

Exam 300-710 All Questions
Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam
Viewing page 12 out of 12 pages
Viewing questions 111-120 out of questions
Questions # 111:

A network administrator wants to block traffictoa known malware site athttps://www.badsite.comand all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

Options:

A.

Prefilter policy

B.

SSL policy

C.

DNS policy

D.

Access Control policy with URL filtering

Questions # 112:

A software development company hosts the website http:dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site. Which type of policy must be able associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?

Options:

A.

SSL policy

B.

Prefilter policy

C.

File policy

D.

Network discovery policy

Questions # 113:

How should a high-availability pair of Cisco Secure Firewall Threat Defense Virtual appliances be deployed to Cisco Secure Firewall Management Center?

Options:

A.

Configure high availability first, then add only the primary Cisco Secure Firewall Threat Defense Virtual appliance to Cisco Secure Firewall Management Center.

B.

Add the primary and secondary Cisco Secure Firewall Threat Defense Virtual appliances to Cisco Secure Firewall Management Center first, then configure high availability.

C.

Add the primary appliance to Cisco Secure Firewall Management Center first, then configure high availability.

D.

Configure high availability first, then add the primary and secondary appliances to Cisco Secure Firewall Management Center.

Questions # 114:

An administrator is configuring the interface of a Cisco Secure Firewall Threat Defense device in a passive IPS deployment. The device and interface have been identified. Which set of configuration steps of the administrator take next to complete the implementation?

Options:

A.

Set the interface mode to passive. Associate the interface with a security zone. Set the MTU parameter. Reset the interface.

B.

Modify the interface to retransmit received traffic. Associate the interface with a security zone Enable the interface. Sat the MTU parameter.

C.

Modify the interface to retransmit received traffic. Associate the interface with a security zone. Set the MTU parameter.

D.

Set the interface mode to passive. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.

Questions # 115:

What is a result of enabling Cisco FTD clustering?

Options:

A.

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

B.

Integrated Routing and Bridging is supported on the master unit.

C.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

D.

All Firepower appliances can support Cisco FTD clustering.

Questions # 116:

Question # 116

Refer to the exhibit. An engineer analyzes a Network Risk Report from Cisco Secure Firewall Management Center. What should the engineer recommend implementing to mitigate the risk?

Options:

A.

IP address and URL blacklisting

B.

Trend analysis

C.

Network-based detection

D.

Virtual protection

Questions # 117:

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

Options:

A.

The destination MAC address is optional if a VLAN ID value is entered

B.

Only the UDP packet type is supported

C.

The output format option for the packet logs unavailable

D.

The VLAN ID and destination MAC address are optional

Questions # 118:

In a multi-tennent deployment where multiple domains are in use. which update should be applied outside of the Global Domain?

Options:

A.

minor upgrade

B.

local import of intrusion rules

C.

Cisco Geolocation Database

D.

local import of major upgrade

Questions # 119:

An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?

Options:

A.

The primary FMC currently has devices connected to it.

B.

The code versions running on the Cisco FMC devices are different

C.

The licensing purchased does not include high availability

D.

There is only 10 Mbps of bandwidth between the two devices.

Questions # 120:

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?

Options:

A.

Identity policy

B.

Prefilter policy

C.

Network Analysis policy

D.

Intrusion policy

Viewing page 12 out of 12 pages
Viewing questions 111-120 out of questions