Cisco 300-710 Online Practice Questions and Exam Preparation

Cisco 300-710 Online Questions & Answers

• Question 211:

  An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular updates are provided?

  A. Add a URL source and select the flat file type within Cisco FMC.
  B. Upload the .txt file and configure automatic updates using the embedded URL.
  C. Add a TAXII feed source and input the URL for the feed.
  D. Convert the .txt file to STIX and upload it to the Cisco FMC.
  A. Add a URL source and select the flat file type within Cisco FMC.

• Question 212:

  Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

  A. same flash memory size
  B. same NTP configuration
  C. same DHCP/PPoE configuration
  D. same host name
  E. same number of interfaces
  B. same NTP configuration
  E. same number of interfaces

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html Conditions In order to create an HA between 2 FTD devices, these conditions must be met: Same model Same version (this applies to FXOS and to FTD - (major (first number), minor (second number), and maintenance (third number) must be equal)) Same number of interfaces Same type of interfaces Both devices as part of same group/domain in FMC Have identical Network Time Protocol (NTP) configuration Be fully deployed on the FMC without uncommitted changes Be in the same firewall mode: routed or transparent. Note that this must be checked on both FTD devices and FMC GUI since there have been cases where the FTDs had the same mode, but FMC does not reflect this. Does not have DHCP/Point-to-Point Protocol over Ethernet (PPPoE) configured in any of the interface Different hostname (Fully Qualified Domain Name (FQDN)) for both chassis. In order to check the chassis hostname navigate to FTD CLI and run this command

• Question 213:

  An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?

  A. Cisco ISE Security Group Tag
  B. Automatic Application Bypass
  C. Inspect Local Traffic Bypass
  D. Fast-Path Rules Bypass
  B. Automatic Application Bypass

• Question 214:

  A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?

  A. Add a Bridge Group Interface to the FTD before transparent mode is configured.
  B. Dereglster the FTD device from FMC and configure transparent mode via the CLI.
  C. Obtain an FTD model that supports transparent mode.
  D. Assign an IP address to two physical interfaces.
  B. Dereglster the FTD device from FMC and configure transparent mode via the CLI.

• Question 215:

  What is the result when two users modify a VPN policy at the same time on a Cisco Secure Firewall Management Center managed device?

  A. Both users can edit the policy and the last saved configuration persists.
  B. The changes from both users will be merged together into the policy.
  C. The first user locks the configuration when selecting edit on the policy.
  D. The system prevents modifications to the policy by multiple users.
  A. Both users can edit the policy and the last saved configuration persists.

  ---

  Two users must not edit a remote access VPN policy at the same time; however, the web interface does not prevent simultaneous editing. If this occurs, the last saved configuration persists.

• Question 216:

  A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)

  A. manage_procs.pl
  B. show disk-manager
  C. show history
  D. sudo perfstats -Cq < /var/sf/rna/correlator-stats/now
  E. sudo stats_unified.pl
  A. manage_procs.pl
  E. sudo stats_unified.pl

  ---

  When connectivity issues are detected between Cisco Secure Firewall Management Center (FMC) and Cisco Secure Firewall Threat Defense (FTD) devices, and initial troubleshooting indicates that heartbeats and events are not being received, the engineer can run the following commands to resolve the issue by re-establishing secure channels and checking process statuses: manage_procs.pl: This script is used to manage and restart processes on the FTD device. Running this script can help restart any malfunctioning processes and reestablish connectivity between the FMC and FTD. sudo stats_unified.pl: This command provides detailed statistics and status of the unified system processes. It helps in diagnosing and resolving issues related to the secure channel and event reporting. Steps: Access the FTD CLI. Run the command manage_procs.pl to restart processes. Run the command sudo stats_unified.pl to gather detailed process statistics and verify the status. These commands help resolve connectivity issues by ensuring that all necessary processes are running correctly and secure channels are re-established. References: Cisco Secure Firewall Threat Defense Configuration Guide, Chapter on Troubleshooting and CLI Commands.

• Question 217:

  A security engineer must add a new policy to block UDP traffic to one server. The engineer adds a new object. Which action must the engineer take next to identify all the UDP ports?

  A. Specify the transport protocol and leave the port number empty.
  B. Define the transport protocol and the mandatory port range.
  C. Add the transport number and specify the type and code.
  D. Add the corresponding IP protocol number for UDP and TCP.
  A. Specify the transport protocol and leave the port number empty.

  ---

  Explanation Explanation/Reference:In Cisco Secure Firewall, when configuring policies to block specific types of traffic, the engineer can specify the transport protocol (such as UDP) without defining specific ports if the goal is to block all UDP traffic. By setting the transport protocol to UDP and leaving the port field empty, the policy applies to all UDP ports. This approach allows the security engineer to block all UDP traffic to the specified server without needing to list each individual UDP port.

• Question 218:

  Which component simplifies incident investigation with Cisco Threat Response?

  A. Cisco AMP client
  B. local CVE database
  C. Cisco Secure Firewall appliance
  D. browser plug-in
  D. browser plug-in

  ---

  Cisco Threat Response (CTR) is a security solution that helps simplify incident investigation and threat hunting. One of its components that significantly simplifies the investigation process is the browser plug-in. The browser plug-in integrates with CTR to provide contextual information directly within the browser, allowing security analysts to quickly view threat details, pivot to related information, and take appropriate actions without switching between multiple tools. Features of the browser plug-in: Provides real-time threat intelligence and context from various Cisco security products. Allows security analysts to investigate incidents directly from web-based consoles. Enhances efficiency by streamlining the workflow and reducing the time needed to gather and correlate information. References: Cisco Threat Response Documentation, Browser Plug-in Section.

• Question 219:

  Refer to the exhibit.

  

  A Cisco Secure Firewall Management Center, 7.0 device fails to receive intelligence feed updates. The Cisco Secure Firewall Management Center is configured to use a proxy server that performs SSL inspection. Which action allows the

  Cisco Secure Firewall Management Center device to download the intelligence feed updates?

  A. Install a self-signed certificate on the proxy server for intelligence.sourcefire.com.
  B. Verify that the proxy server can use HTTPS to communicate to the internet.
  C. Ensure that proxy authentication is disabled for the Cisco Secure Firewall Management Center device.
  D. Bypass the proxy server for intelligence.sourcefire.com.
  B. Verify that the proxy server can use HTTPS to communicate to the internet.

• Question 220:

  The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries URL category statistics, and the URL reputation statistics. Which action must the administrator take to quickly produce this information for management?

  A. Run the Attack report and filter on DNS to show this information.
  B. Create a new dashboard and add three custom analysis widgets that specify the tables needed.
  C. Modify the Connection Events dashboard to display the information in a view for management.
  D. Copy the intrusion events dashboard tab and modify each widget to show the correct charts.
  B. Create a new dashboard and add three custom analysis widgets that specify the tables needed.