Cisco 300-710 Online Practice Questions and Exam Preparation
300-710 Exam Details
Exam Code: 300-710
Exam Name: Securing Networks with Cisco Firepower (SNCF)
Certification: CCNP Security
Vendor: Cisco
Total Questions: 433 Q&As
Last Updated: May 24, 2026
Cisco 300-710 Online Questions & Answers
Question 231:
An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?
A. Enable SSH and define an access list.
B. Enable HTTPS and SNMP under the Access List section.
C. Enable SCP under the Access List section.
D. Enable HTTP and define an access list.
Answer: A. Enable SSH and define an access list.
Question 232:
A network administrator must create an EtherChannel interface on a Cisco Secure Firewall Threat Defense 9300 appliance registered with Cisco Secure Firewall Management Center for High Availability. Where must the administrator create the EtherChannel interface?
A. Cisco Secure Firewall Management Center GUI
B. Cisco Secure Firewall Management Center CLI
C. Cisco Secure Firewall Threat Defense CLI
D. Firepower eXtensible Operating System (FXOS) CLI
Answer: D. Firepower eXtensible Operating System (FXOS) CLI
Question 233:
A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?
A. Create a new dashboard object via Object Management to represent the desired views.
B. Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.
C. Copy the Malware Report and modify the sections to pull components from other reports.
D. Use the import feature in the newly created report to select which dashboards to add.
Answer: D. Use the import feature in the newly created report to select which dashboards to add.
Question 234:
Refer to the exhibit.
An engineer is deploying a new instance of Cisco Secure Firewall Threat Defense.
Which action must the engineer take next so that Client_A and Client_B receive an IP address via DHCP from Server_A?
A. Disable all the DHCP Snort rules by using Secure Firewall Device Manager.
B. Add access rules that allow DHCP traffic by using Cisco Secure Firewall Management Center.
C. Disable Option 82 in the DHCP relay configuration properties using Secure Firewall Management Center.
D. Add access rules that allow DHCP traffic by using Cisco Secure Firewall Management Center.
Answer: D. Add access rules that allow DHCP traffic by using Cisco Secure Firewall Management Center.
Explanation/Reference: In a transparent mode deployment, Cisco Secure Firewall Threat Defense (FTD) does not block traffic by default but may require explicit access rules for certain protocols, such as DHCP. DHCP requests and responses must be allowed through the firewall for the clients (Client_A and Client_B) to receive an IP address from the DHCP server (Server_A). By creating access rules that permit DHCP traffic in the Cisco Secure Firewall Management Center, the engineer enables the necessary communication for DHCP to function correctly between clients and the DHCP server.
Question 235:
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
A. Configure the downstream router to perform NAT.
B. Configure the upstream router to perform NAT.
C. Configure the Cisco FTD firewall in routed mode with NAT enabled.
D. Configure the Cisco FTD firewall in transparent mode with NAT enabled.
Answer: C. Configure the Cisco FTD firewall in routed mode with NAT enabled.
Question 236:
When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?
A. inline tap monitor-only mode
B. passive monitor-only mode
C. passive tap monitor-only mode
D. inline mode
Answer: A. inline tap monitor-only mode
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/access-sfr.html
Inline tap monitor-only mode (ASA inline): In an inline tap monitor-only deployment, a copy of the traffic is sent to the ASA FirePOWER module, but it is not returned to the ASA. Inline tap mode lets you see what the ASA FirePOWER module would have done to traffic, and lets you evaluate the content of the traffic, without impacting the network. However, in this mode, the ASA does apply its policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth.
Question 237:
Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?
A. Child domains can view but not edit dashboards that originate from an ancestor domain.
B. Child domains have access to only a limited set of widgets from ancestor domains.
C. Only the administrator of the top ancestor domain can view dashboards.
D. Child domains cannot view dashboards that originate from an ancestor domain.
Answer: D. Child domains cannot view dashboards that originate from an ancestor domain.
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Using_Dashboards.html
Question 238:
An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 1234.5678.901 to help troubleshoot a connectivity issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?
A. -w capture.pcap -s 1518 host 192.168.100.100 ether
B. -w capture.pcap -s 1518 host 192.168.100.100 mac
C. -nm src 192.168.100.100
D. -ne src 192.168.100.100
Answer: D. -ne src 192.168.100.100
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html
Question 239:
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capture/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser
B. Use the Cisco FTD IP address as the proxy server setting on the browser.
C. Disable the HTTPS server and use HTTP instead
D. Enable the HTTPS server for the device platform policy
Answer: D. Enable the HTTPS server for the device platform policy
Question 240:
An organization recently implemented a transparent Cisco FTD in their network. They must ensure that the device does not respond to insecure SSL/TLS protocols. Which action accomplishes this task?
A. Modify the device's settings using the device management feature within Cisco FMC to force only secure protocols.
B. Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.
C. Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.
D. Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.
Answer: B. Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.