300-710 Securing Networks with Cisco Firepower (300-710 SNCF) Question and Answers

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

Each directly connected network must be on the same subnet.

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

reputation-based objects, such as URL categories

Block with Reset

Monitor

Analyze

Discover

Block ALL

Traffic inspection can be interrupted temporarily when configuration changes are deployed.

The system performs intrusion inspection followed by file inspection.

They can block traffic based on Security Intelligence data.

File policies use an associated variable set to perform intrusion prevention.

The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

Use the host filter in the packet capture to capture traffic to or from a specific host.

Redirect the packet capture output to a. pcap file that can be opened with Wireshark.

Use the -c option to restrict the packet capture to only the first 100 packets.

Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

Identity policy

Prefilter policy

Network Analysis policy

Intrusion policy

redundant interfaces on the firewall cluster mode and switches

redundant interfaces on the firewall noncluster mode and switches

vPC on the switches to the interface mode on the firewall duster

vPC on the switches to the span EtherChannel on the firewall cluster

The backup file is not in .cfg format.

The wrong IP address is used.

The backup file extension was changed from .tar to .zip.

The directory location is incorrect.

Configure high-availability in both the primary and secondary Cisco FMCs

Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.

Place the active Cisco FMC device on the same trusted management network as the standby device

Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails

Deploy the device in routed mode and allow DHCP traffic in the access control policies.

Deploy the device in routed made aid enable the DHCP Relay feature.

Deploy the device in transparent mode and allow DHCP traffic in the access control policies

Deploy the device in transparent mode and enable the DHCP Server feature.

A manual NAT exemption rule does not exist at the top of the NAT table.

An external NAT IP address is not configured.

An external NAT IP address is configured to match the wrong interface.

An object NAT exemption rule does not exist at the top of the NAT table.

The destination MAC address is optional if a VLAN ID value is entered

Only the UDP packet type is supported

The output format option for the packet logs unavailable

The VLAN ID and destination MAC address are optional

by running Wireshark on the administrator's PC

by performing a packet capture on the firewall.

by running a packet tracer on the firewall.

by attempting to access it from a different workstation.

dynamic null route configured

DHCP pool disablement

quarantine

port shutdown

host shutdown

pxGrid

FTD RTC

FMC RTC

ISEGrid

Windows domain controller

audit

triage

protection

application blocking

simple custom detection

file repository

exclusions

application whitelisting

unavailable

unknown

clean

disconnected

SHA-1024

SHA-4096

SHA-512

SHA-256

Add the malicious file to the block list.

Send a snapshot to Cisco for technical support.

Forward the result of the investigation to an external threat-analysis engine.

Wait for Cisco Threat Response to automatically block the malware.

non-malicious

malware

known-good

pristine

show running-config

show tech-support chassis

system support diagnostic-cli

sudo sf_troubleshoot.pl

privileged

user

configuration

admin

box lever chart

arrow chart

bar chart

benchmark chart

1024

8192

4096

2048

Cisco Deep Analytics

OpenDNS Group

Cisco Network Response

Cisco Talos

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re- apply the policies after registration is completed.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

No option to delete and re-add a device is available in the Cisco FMC web interface.

The Cisco FMC web interface prompts users to re-apply access control policies.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

system generate-troubleshoot

show configuration session

show managers

show running-config | include manager

User login and history data are removed from the database if the User Activity check box is selected.

Data can be recovered from the device.

The appropriate process is restarted.

The specified data is removed from Cisco FMC and kept for two weeks.

Layer 7 network ID

source IP

application ID

dynamic firewall importing

protocol

Delete the existing object in use.

Refresh the Cisco FMC GUI for the access control policy.

Redeploy the updated configuration.

Create another rule using a different object name.

/etc/sf/DCMIB.ALERT

/sf/etc/DCEALERT.MIB

/etc/sf/DCEALERT.MIB

system/etc/DCEALERT.MIB

rate-limiting

suspending

correlation

thresholding

system support view-files

sudo sf_troubleshoot.pl

system generate-troubleshoot all

show tech-support

to mix transport protocols when setting both source and destination port conditions in a rule

to represent protocols other than TCP, UDP, and ICMP

to represent all protocols in the same way

to add any protocol other than TCP or UDP for source port conditions in access control rules.

interface-based VLAN switching

inter-chassis clustering VLAN

integrated routing and bridging

Cisco ISE Security Group Tag

Modify the system-provided block page result using Python.

Create HTML code with the information for the policies and procedures.

Edit the HTTP request handling in the access control policy to customized block.

Write CSS code with the information for the policies and procedures.

Change the HTTP response in the access control policy to custom.

The interfaces are being used for NAT for multiple networks.

The administrator is adding interfaces of multiple types.

The administrator is adding an interface that is in multiple zones.

The interfaces belong to multiple interface groups.

Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.

Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.

Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.

Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

configure manager local 10.0.0.10 Cisco123

configure manager add Cisco123 10.0.0.10

configure manager local Cisco123 10.0.0.10

configure manager add 10.0.0.10 Cisco123

Create a custom search in Firepower Management Center and select it in each section of the report.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

Add a Table View section to the report with the Search field defined as the network in CIDR format.

Select IP Address as the X-Axis in each section of the report.

time range

security group tag

network object

DNS server group

The malware license has not been applied to the Cisco FTD.

The Cisco FMC cannot reach the Internet to analyze files.

A file policy has not been applied to the access policy.

Only Spero file analysis is enabled.

BGPv6

ECMP with up to three equal cost paths across multiple interfaces

ECMP with up to three equal cost paths across a single interface

BGPv4 in transparent firewall mode

BGPv4 with nonstop forwarding

The units must be the same version

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

The units must be different models if they are part of the same series.

The units must be configured only for firewall routed mode.

The units must be the same model.

passive

inline

ERSPAN

TAP

STP

HSRP

GLBP

VRRP

in active/active mode

in a cluster span EtherChannel

in active/passive mode

in cluster interface mode

a default DMZ policy for which only a user can change the IP addresses.

deny ip any

no policy rule is included

permit ip any

same flash memory size

same NTP configuration

same DHCP/PPoE configuration

same host name

same number of interfaces

Inline tap mode can send a copy of the traffic to another device.

Inline tap mode does full packet capture.

Inline mode cannot do SSL decryption.

Inline mode can drop malicious traffic.

Shut down the Cisco FMC before powering up the replacement unit.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.

Unregister the faulty Cisco FTD device from the Cisco FMC

Shut down the active Cisco FTD device before powering up the replacement unit.

Deploy the firewall in transparent mode with access control policies.

Deploy the firewall in routed mode with access control policies.

Deploy the firewall in routed mode with NAT configured.

Deploy the firewall in transparent mode with NAT configured.

Redundant Interface

EtherChannel

Speed

Media Type

Duplex

CIFS

IMAP

SSL

DNP3

ICMP

Add a native instance to distribute traffic to each Cisco FTD context.

Add the Cisco FTD device to the Cisco ASA port channels.

Configure a container instance in the Cisco FTD for each context in the Cisco ASA.

Configure the Cisco FTD to use port channels spanning multiple networks.

inline interfaces, security zones, MTU, and mode

passive interface, MTU, and mode

inline interfaces, MTU, and mode

passive interface, security zone, MTU, and mode

Cisco Firepower Threat Defense mode

transparent mode

routed mode

integrated routing and bridging

inline tap monitor-only mode

passive monitor-only mode

passive tap monitor-only mode

inline mode