Cisco 300-710 Online Practice Questions and Exam Preparation

Cisco 300-710 Online Questions & Answers

• Question 181:

  A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?

  A. by assigning an inline set interface
  B. by using a BVI and creating a BVI IP address in the same subnet as the user segment
  C. by leveraging the ARP to direct traffic through the firewall
  D. by bypassing protocol inspection by leveraging pre-filter rules
  B. by using a BVI and creating a BVI IP address in the same subnet as the user segment

  ---

  "without creating another IP subnet". A BVI requires a subnet interface. Inline set acts like layer 2 but can be set up in a FTD in routed mode. No need for creating additionel IP-addresses or l3-interfaces. See "Inline IPS Interfaces" on CBT nuggets, Skill: Cisco Firepower IPS/IDS. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

• Question 182:

  DRAG DROP

  Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.

  Select and Place:

  

  

• Question 183:

  In a Cisco Secure Firewall Malware Defense deployment, which disposition is returned if the cloud cannot be reached?

  A. unavailable
  B. unknown
  C. clean
  D. disconnected
  A. unavailable

• Question 184:

  In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?

  A. unavailable
  B. unknown
  C. clean
  D. disconnected
  A. unavailable

  ---

  Explanation Explanation/Reference:Unavailable indicates that the system could not query the AMP cloud https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/file_malware_events_and_network_file_trajectory.html

• Question 185:

  An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CU for the device. The CLl for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisco FMC grants access to the CLl for the device?

  A. Export the configuration using the Import/Export tool within Cisco FMC.
  B. Create a backup of the configuration within the Cisco FMC.
  C. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.
  D. Download the configuration file within the File Download section of Cisco FMC.
  C. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.

• Question 186:

  Which two field can be used to create a new email alert within the Cisco Firepower Management center under Policies > Actions > Alerts tab? (Choose two.)

  A. Device
  B. Source
  C. Destination
  D. From
  E. Relay Host
  D. From
  E. Relay Host

• Question 187:

  An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to- peer applications are being used on the network and they must identify which poses the greatest risk to the environment.

  Which report gives the analyst this information?

  A. Attacks Risk Report
  B. User Risk Report
  C. Network Risk Report
  D. Advanced Malware Risk Report
  C. Network Risk Report

• Question 188:

  Refer to the following informations:

  Phase: 16 Type: SNORT Subtype: Result: DROP Config: Additional Information: Snort Trace: Packet: ICMP Session: new snort session Firewall: Starting rule matching, zone 4 -> 1, geo 0 -> e, vlan 0, sgt 0, src sgt type 0, dest_sgt_tag 0, dest sgt type 0, username `No Authentication Required',, ICMP Type: 8, icmpCode 0 Firewall: block rule, `ping', drop Snort: processed decoder alerts or actions queue, drop Snort id: 0, NAP: id 2, IPS ID: 0, Verdict: BLACKLIST, Blocked by Firewall Snort Verdict: (black-list) blacklist this flow

  Result: Input-interface: ACCESS41_Inside1 Input-status: up Input-line-status: up Action: drop Drop-reason: (firewall) Blocked or blacklisted by the Firewall preprocessor, Drop-location, frame 0x000055d2b0fsb7c0 flow (NA)/NA

  A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

  A. Create an access control policy rule that allows ICMP traffic.
  B. Configure a custom Snort signature to allow ICMP traffic after Inspection.
  C. Modify the Snort rules to allow ICMP traffic.
  D. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.
  A. Create an access control policy rule that allows ICMP traffic.

• Question 189:

  A network engineer is tasked with minimizing traffic interruption during peak traffic times. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?

  A. Enable IPS inline link state propagation
  B. Enable Pre-filter policies before the SNORT engine failure
  C. Set a Trust ALL access control policy
  D. Enable Automatic Application Bypass
  D. Enable Automatic Application Bypass

• Question 190:

  A network engineer sets up a secondary Cisco FMC that is integrated with Cisco Security Packet Analyzer. What occurs when the secondary Cisco FMC synchronizes with the primary Cisco FMC?

  A. The existing configuration for integration of the secondary Cisco FMC the Cisco Security Packet Analyzer is overwritten.
  B. The synchronization between the primary and secondary Cisco FMC fails.
  C. The existing integration configuration is replicated to the primary Cisco FMC.
  D. The secondary Cisco FMC must be reintegrated with the Cisco Security Packet Analyzer after the synchronization.
  A. The existing configuration for integration of the secondary Cisco FMC the Cisco Security Packet Analyzer is overwritten.