300-710 Securing Networks with Cisco Firepower (300-710 SNCF) Question and Answers

inline interfaces, security zones, MTU, and mode

passive interface, MTU, and mode

inline interfaces, MTU, and mode

passive interface, security zone, MTU, and mode

STP

HSRP

GLBP

VRRP

EIGRP

OSPF

static routing

IS-IS

BGP

Before re-adding the device In Cisco FMC, the manager must be added back.

The Cisco FMC web interface prompts users to re-apply access control policies.

Once a device has been deleted, It must be reconfigured before it is re-added to the Cisco FMC.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the polices after registration is completed.

There is no option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

passive

transparent

Inline tap

Inline set

Configure Cisco Firepower as a transparent firewall

Set up Cisco Firepower as managed by Cisco FDM

Configure Cisco Firepower in FXOS monitor only mode.

Set up Cisco Firepower in intrusion prevention mode

transparent

routed

clustered

intra-chassis multi-instance

virtual appliance in public cloud

passive

inline

ERSPAN

TAP

Redundant Interface

EtherChannel

Speed

Media Type

Duplex

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

Integrated Routing and Bridging is supported on the master unit.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

All Firepower appliances can support Cisco FTD clustering.

CIFS

IMAP

SSL

DNP3

ICMP

in active/active mode

in a cluster span EtherChannel

in active/passive mode

in cluster interface mode

Cisco Firepower Threat Defense mode

transparent mode

routed mode

integrated routing and bridging

span EtherChannel clustering

redundant interfaces

high availability active/standby firewalls

multi-instance firewalls

Add a native instance to distribute traffic to each Cisco FTD context.

Add the Cisco FTD device to the Cisco ASA port channels.

Configure a container instance in the Cisco FTD for each context in the Cisco ASA.

Configure the Cisco FTD to use port channels spanning multiple networks.

Shut down the Cisco FMC before powering up the replacement unit.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.

Unregister the faulty Cisco FTD device from the Cisco FMC

Shut down the active Cisco FTD device before powering up the replacement unit.

Configure an IPS policy and enable per-rule logging.

Disable the default IPS policy and enable global logging.

Configure an IPS policy and enable global logging.

Disable the default IPS policy and enable per-rule logging.

Specify the BVl IP address as the default gateway for connected devices.

Enable routing on the Cisco Firepower

Add an IP address to the physical Cisco Firepower interfaces.

Configure a bridge group in transparent mode.

Create a firewall rule to allow CDP traffic.

Create a bridge group with the firewall interfaces.

Change the firewall mode to transparent.

Change the firewall mode to routed.

The rate-limiting rule is disabled.

Matching traffic is not rate limited.

The system rate-limits all traffic.

The system repeatedly generates warnings.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.

Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

on each IPS rule

globally, within the network analysis policy

globally, per intrusion policy

on each access control rule

per preprocessor, within the network analysis policy

Leave default networks.

Change the method to TCP/SYN.

Increase the number of entries on the NAT device.

Exclude load balancers and NAT devices.

A manual NAT exemption rule does not exist at the top of the NAT table.

An external NAT IP address is not configured.

An external NAT IP address is configured to match the wrong interface.

An object NAT exemption rule does not exist at the top of the NAT table.

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

Each directly connected network must be on the same subnet.

BGPv6

ECMP with up to three equal cost paths across multiple interfaces

ECMP with up to three equal cost paths across a single interface

BGPv4 in transparent firewall mode

BGPv4 with nonstop forwarding

Traffic inspection can be interrupted temporarily when configuration changes are deployed.

The system performs intrusion inspection followed by file inspection.

They can block traffic based on Security Intelligence data.

File policies use an associated variable set to perform intrusion prevention.

The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

The malware license has not been applied to the Cisco FTD.

The Cisco FMC cannot reach the Internet to analyze files.

A file policy has not been applied to the access policy.

Only Spero file analysis is enabled.

FlexConfig

BDI

SGT

IRB

Monitor

Block

Interactive Block

Allow with Warning

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

reputation-based objects, such as URL categories

OSPFv2 with IPv6 capabilities

virtual links

SHA authentication to OSPF packets

area boundary router type 1 LSA filtering

MD5 authentication to OSPF packets

time range

security group tag

network object

DNS server group

configure manager local 10.0.0.10 Cisco123

configure manager add Cisco123 10.0.0.10

configure manager local Cisco123 10.0.0.10

configure manager add 10.0.0.10 Cisco123

Modify the system-provided block page result using Python.

Create HTML code with the information for the policies and procedures.

Edit the HTTP request handling in the access control policy to customized block.

Write CSS code with the information for the policies and procedures.

Change the HTTP response in the access control policy to custom.

VPN connections can be re-established only if the failed master unit recovers.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

VPN connections must be re-established when a new master unit is elected.

Only established VPN connections are maintained when a new master unit is elected.

The interfaces are being used for NAT for multiple networks.

The administrator is adding interfaces of multiple types.

The administrator is adding an interface that is in multiple zones.

The interfaces belong to multiple interface groups.

Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.

Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.

Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.

Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

Create a custom search in Firepower Management Center and select it in each section of the report.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

Add a Table View section to the report with the Search field defined as the network in CIDR format.

Select IP Address as the X-Axis in each section of the report.

The NAT ID is required since the Cisco FMC is behind a NAT device.

The IP address used should be that of the Cisco FTD. not the Cisco FMC.

DONOTRESOLVE must be added to the command

The registration key is missing from the command

Block with Reset

Monitor

Analyze

Discover

Block ALL

Modify the Cisco ISE authorization policy to deny this access to the user.

Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.

Add the unknown user in the Access Control Policy in Cisco FTD.

Add the unknown user in the Malware & File Policy in Cisco FTD.

change of authentication

share context data

TACACS+

trustsec segmentation

Add a URL source and select the flat file type within Cisco FMC.

Upload the .txt file and configure automatic updates using the embedded URL.

Add a TAXII feed source and input the URL for the feed.

Convert the .txt file to STIX and upload it to the Cisco FMC.

multiple deployment

single-context

single deployment

multi-instance

system support view-files

sudo sf_troubleshoot.pl

system generate-troubleshoot all

show tech-support

to mix transport protocols when setting both source and destination port conditions in a rule

to represent protocols other than TCP, UDP, and ICMP

to represent all protocols in the same way

to add any protocol other than TCP or UDP for source port conditions in access control rules.

show running-config

show tech-support chassis

system support diagnostic-cli

sudo sf_troubleshoot.pl

box lever chart

arrow chart

bar chart

benchmark chart

when capture packets are less than 16 MB

when capture packets are restricted from the secondary memory

when capture packets exceed 10 GB

when capture packets exceed 32 MB

system support ssl-client-hello-tuning

system support ssl-client-hello-display

system support ssl-client-hello-force-reset

system support ssl-client-hello-enabled

/etc/sf/DCMIB.ALERT

/sf/etc/DCEALERT.MIB

/etc/sf/DCEALERT.MIB

system/etc/DCEALERT.MIB

Cisco Deep Analytics

OpenDNS Group

Cisco Network Response

Cisco Talos

Child domains can view but not edit dashboards that originate from an ancestor domain.

Child domains have access to only a limited set of widgets from ancestor domains.

Only the administrator of the top ancestor domain can view dashboards.

Child domains cannot view dashboards that originate from an ancestor domain.

system support firewall-engine-debug

system support ssl-debug

system support platform

system support dump-table

configure high-availability resume

configure high-availability disable

system support network-options

configure high-availability suspend

outbound port TCP/443

inbound port TCP/80

outbound port TCP/8080

inbound port TCP/443

outbound port TCP/80

The option indicates whether the packet was dropped or successful.

The option indicated whether the destination host responds through a different path.

The option limits the number of packets that are captured.

The option captures details of each packet.

20

10

5

unlimited

system generate-troubleshoot

show configuration session

show managers

show running-config | include manager

User login and history data are removed from the database if the User Activity check box is selected.

Data can be recovered from the device.

The appropriate process is restarted.

The specified data is removed from Cisco FMC and kept for two weeks.

dashboard

reporting

context explorer

summary tool

configure coredump packet-engine enable

capture-traffic

capture

capture WORD

rate-limiting

suspending

correlation

thresholding

Delete the existing object in use.

Refresh the Cisco FMC GUI for the access control policy.

Redeploy the updated configuration.

Create another rule using a different object name.

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re- apply the policies after registration is completed.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

No option to delete and re-add a device is available in the Cisco FMC web interface.

The Cisco FMC web interface prompts users to re-apply access control policies.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

1024

8192

4096

2048

same flash memory size

same NTP configuration

same DHCP/PPoE configuration

same host name

same number of interfaces

transparent inline mode

TAP mode

strict TCP enforcement

propagate link state

Deploy the firewall in transparent mode with access control policies.

Deploy the firewall in routed mode with access control policies.

Deploy the firewall in routed mode with NAT configured.

Deploy the firewall in transparent mode with NAT configured.

All types of Cisco Firepower devices are supported.

An on-premises proxy server does not need to be set up and maintained.

Cisco Firepower devices do not need to be connected to the Internet.

Supports all devices that are running supported versions of Cisco Firepower.

generate events

drop packet

drop connection

drop and generate

NetFlow v9

PCAP

NetFlow v5

IPFIX

Analysis > Status with a sliding time window of one day

Events by priority and classification and set a sliding time window of one day

Reports with a daily recurring task that generates based on the network risk report template

Security Intelligence Statistics dashboard set to Show the Last option to one day

Configure the downstream router to perform NAT.

Configure the upstream router to perform NAT.

Configure the Cisco FTD firewall in routed mode with NAT enabled.

Configure the Cisco FTD firewall in transparent mode with NAT enabled.

Network Analysis Policy

Advanced

Security Intelligence

SSL

Create a new dashboard object via Object Management to represent the desired views.

Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.

Copy the Malware Report and modify the sections to pull components from other reports.

Use the import feature in the newly created report to select which dashboards to add.

file and malware policy

application detector

intrusion policy

correlation policy

Firepower devices do not need to be connected to the internet.

All types of Firepower devices are supported.

Supports all devices that are running supported versions of Firepower

An on-premises proxy server does not need to set up and maintained

Cisco Secure Network Analytics

Cisco Defense Orchestrator

Cisco Catalyst Center

Secure Cloud Analytics

Cisco Prime Infrastructure

Perl script

NBAR protocol

LUA script

Python program

Logging is not enabled for the rule.

The rule was not enabled after being created.

The wrong source interface for Snort was selected in the rule.

An incorrect application signature was used in the rule.

Only the UDP packet type is supported.

The output format option for the packet logs is unavailable.

The destination MAC address is optional if a VLAN ID value is entered.

The VLAN ID and destination MAC address are optional.

Enable IPS inline link state propagation

Enable Pre-filter policies before the SNORT engine failure.

Set a Trust ALL access control policy.

Enable Automatic Application Bypass.

outbound access rule that allows the entire ICMP protocol suite

inbound access rule that allows ICMP Type 3 from outside

inbound access rule that allows TCP reset packets from outside

outbound access rule with the Block with reset action

Run the configure manager add routed command from the Secure FTD device CL1, and reregister with Secure FMC.

Run the configure firewall routed command from the Secure FTD device CD, and reregister with Secure FMC.

Run the configure manager add routed command from the Secure FMC CLI. and reregister with Secure FMC.

Run the configure firewall routed command from the Secure FMC CLI. and reregister with Secure FMC.

Transparent mode with inline tap monitor-only mode

Routed mode with passive monitor-only mode

Transparent mode with passive monitor-only mode

Routed mode with inline tap monitor-only mode

SHA-1024

SHA-4096

SHA-512

SHA-256

Windows domain controller

audit

triage

protection

non-malicious

malware

known-good

pristine

dynamic null route configured

DHCP pool disablement

quarantine

port shutdown

host shutdown

pxGrid

FTD RTC

FMC RTC

ISEGrid

application blocking

simple custom detection

file repository

exclusions

application whitelisting

Add the malicious file to the block list.

Send a snapshot to Cisco for technical support.

Forward the result of the investigation to an external threat-analysis engine.

Wait for Cisco Threat Response to automatically block the malware.

unavailable

unknown

clean

disconnected