Cisco 300-710 Online Practice Questions and Exam Preparation
300-710 Exam Details
Exam Code: 300-710
Exam Name: Securing Networks with Cisco Firepower (SNCF)
Certification: CCNP Security
Vendor: Cisco
Total Questions: 433 Q&As
Last Updated: May 24, 2026
Cisco 300-710 Online Questions & Answers
Question 201:
An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?
A. routed
B. passive
C. transparent
D. inline tap
D. inline tap
Question 202:
An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation. During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass. Which default policy should be used?
A. Balanced Security and Connectivity
B. Security Over Connectivity
C. Maximum Detection
D. Connectivity Over Security
A. Balanced Security and Connectivity
Explanation/Reference: Balanced Security and Connectivity network analysis and intrusion policies. These policies are built for both speed and detection. Used together, they serve as a good starting point for most networks and deployment types. The system uses the Balanced Security and Connectivity network analysis policy as the default.
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-intrusion.html
Question 203:
A network administrator is reviewing a monthly advanced malware risk report and notices a host that is listed as CnC Connected. Where must the administrator look within Cisco FMC to further determine if this host is infected with malware?
A. Analysis > Hosts > Indications of Compromise
B. Analysis > Files > Malware Events
C. Analysis > Hosts > Host Attributes
D. Analysis > Files > Network File Trajectory
A. Analysis > Hosts > Indications of Compromise
To determine if a host is infected with malware, the network administrator can look at the Indications of Compromise (IOC) feature in Cisco FMC. The IOC feature analyzes network and endpoint data collected by Firepower sensors and AMP for Endpoints connectors, and identifies hosts that exhibit signs of compromise or infection. The IOC feature uses predefined rules based on Cisco Talos intelligence and other sources to detect IOCs on hosts. One of these rules is CnC Connected, which indicates that a host has communicated with a command-and-control (CnC) server that is known to be associated with malware activity.
To view the IOC information for a host, the network administrator can navigate to Analysis > Hosts > Indications of Compromise in Cisco FMC, and select a host from the table. The IOC Details page will show the IOC events for that host, including the CnC Connected event, along with other information such as severity, timestamp, source, destination, protocol, and rule name. The network administrator can also view more details about each IOC event by clicking on it.
The other options are incorrect because:
- Analysis > Files > Malware Events shows information about files that have been detected as malware by Firepower sensors or AMP for Endpoints connectors. This does not show information about hosts that are infected with malware or have communicated with CnC servers.
- Analysis > Hosts > Host Attributes shows information about hosts that have been discovered by Firepower sensors, such as IP address, MAC address, operating system, applications, users, vulnerabilities, and so on. This does not show information about IOCs or CnC connections on hosts.
- Analysis > Files > Network File Trajectory shows information about files that have traversed your network and have been detected by Firepower sensors or AMP for Endpoints connectors. This allows you to track where a file came from, where it went, and what happened to it along the way. This does not show information about hosts that are infected with malware or have communicated with CnC servers.
Question 204:
An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of files are advanced application detectors created and uploaded as?
A. Perl script
B. NBAR protocol
C. LUA script
D. Python program
C. LUA script
A custom application detector is a user-defined script that can detect web applications, clients, and application protocols based on patterns in network traffic. Custom application detectors are written in LUA, which is a lightweight and embeddable scripting language. LUA scripts can use predefined functions and variables provided by the Firepower System to access packet data and metadata, and to specify the detection criteria and the application information.
To import a custom application detector file that was provided by a third party, you need to follow these steps:
1. In the FMC web interface, navigate to Objects > Object Management > Application Detectors.
2. Click Import.
3. Browse to the location of the LUA script file and select it.
4. Click Upload.
5. Review the detector details and click Save.
The other options are incorrect because:
- Perl script is not a supported format for custom application detectors. Perl is a general-purpose programming language that is not embedded in the Firepower System.
- NBAR protocol is not a file type, but a feature of Cisco IOS routers that can classify and monitor network traffic based on application types. NBAR protocols are predefined and cannot be imported as custom application detectors.
- Python program is not a supported format for custom application detectors. Python is a general-purpose programming language that is not embedded in the Firepower System.
Question 205:
An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?
A. Enable SSH and define an access list.
B. Enable HTTP and define an access list.
C. Enable SCP under the Access List section.
D. Enable HTTPS and SNMP under the Access List section.
A. Enable SSH and define an access list.
Question 206:
A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet the requirements?
A. Spero analysis
B. local malware analysis
C. capacity handling
D. dynamic analysis
B. local malware analysis
To create a malware and file policy on a Cisco Secure Firewall Threat Defense (FTD) device that ensures PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics, the security engineer must configure local malware analysis. Local malware analysis allows the FTD to inspect and analyze files locally without sending them to the cloud-based Cisco Secure Malware Analytics.
Steps to configure local malware analysis:
1. In FMC, navigate to Policies > Access Control > Malware and File Policies.
2. Create a new malware and file policy or edit an existing one.
3. Define rules to inspect specific file types, ensuring that PDF, DOCX, and XLSX files are handled locally.
4. Set the action for these file types to "Local Analysis."
5. Apply the policy to the relevant access control policy.
This configuration ensures that the specified file types are analyzed locally, meeting the requirement to avoid sending them to Cisco Secure Malware Analytics.
References: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Malware and File Policies
Question 207:
An engineer must replace a Cisco Secure Firewall high-availability device due to a failure. When the replacement device arrives, the engineer must separate the high-availability pair from Cisco Secure Firewall Management Center. Which action must the engineer take first to restore high availability?
A. Register the secondary device.
B. Force a break between the devices.
C. Unregister the secondary device.
D. Configure NTP time synchronization.
C. Unregister the secondary device.
When replacing a Cisco Secure Firewall high-availability (HA) device due to a failure, the first step the engineer must take is to unregister the secondary (failed) device from the Cisco Secure Firewall Management Center (FMC). This action separates the HA pair and ensures that the new replacement device can be registered and configured correctly.
Steps:
1. Access the FMC and navigate to the device management section.
2. Unregister the failed secondary device to remove it from the HA pair.
3. Register the replacement device to the FMC.
4. Reconfigure the HA settings to restore the high-availability configuration.
By unregistering the failed device first, the engineer ensures a clean setup for the replacement device, avoiding potential conflicts or issues in the HA configuration.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on High Availability Configuration.
Question 208:
What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog?
A. All types of Cisco Firepower devices are supported.
B. An on-premises proxy server does not need to be set up and maintained.
C. Cisco Firepower devices do not need to be connected to the Internet.
D. Supports all devices that are running supported versions of Cisco Firepower.
B. An on-premises proxy server does not need to be set up and maintained.
Question 209:
A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules, detect only critical conditions, and avoid false positives?
A. Connectivity Over Security
B. Balanced Security and Connectivity
C. Maximum Detection
D. No Rules Active
A. Connectivity Over Security
Question 210:
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?
A. The interfaces are being used for NAT for multiple networks.
B. The administrator is adding interfaces of multiple types.
C. The administrator is adding an interface that is in multiple zones.
D. The interfaces belong to multiple interface groups.
B. The administrator is adding interfaces of multiple types.
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/reusable_objects.html#ID-2243-000009b4
"All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains."