Cisco 300-710 Online Practice Questions and Exam Preparation

Cisco 300-710 Online Questions & Answers

• Question 241:

  Refer to the exhibit.

  

  Users attempt to connect to numerous external resources on various TCP ports. If the users mistype the port, their connection closes immediately, and it takes more than one minute before the connection is torn down. An engineer manages to capture both types of connections as shown in the exhibit. What must the engineer configure to lower the timeout values for the second group of connections and resolve the user issues?

  A. outbound access rule that allows the entire ICMP protocol suite
  B. inbound access rule that allows ICMP Type 3 from outside
  C. inbound access rule that allows TCP reset packets from outside
  D. outbound access rule with the Block with reset action
  D. outbound access rule with the Block with reset action

• Question 242:

  An engineer is deploying Cisco Secure Endpoint for the first time and on endpoint with MAC address 50:54:15:04:0:AB. The engineer must make sure that during the testing phase no files are isolated and network connections must not be blocked. Which policy type must be configured to accomplish the task?

  A. Triage
  B. Quarantine
  C. Protect
  D. Audit
  D. Audit

• Question 243:

  An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?

  A. Configure the custom application to use the information-store paths.
  B. Add the custom application to the DFC list and update the policy.
  C. Precalculate the hash value of the custom application and add it to the allowed applications.
  D. Modify the custom detection list to exclude the custom application.
  C. Precalculate the hash value of the custom application and add it to the allowed applications.

  ---

  To exempt a custom application from being flagged by Cisco Secure Endpoint, the organization must precalculate the hash value of the custom application and add it to the allowed applications list. This process involves creating a hash of the executable file, which uniquely identifies it, and then configuring Cisco Secure Endpoint to recognize this hash as trusted. Steps: Calculate the hash value (e.g., SHA-256) of the custom application executable. In the Cisco Secure Endpoint management console, navigate to the policy configuration. Add the calculated hash value to the list of allowed applications or exclusions. Save and deploy the updated policy. By adding the hash value to the allowed applications, Cisco Secure Endpoint will recognize the custom application as trusted and will no longer flag it. References: Cisco Secure Endpoint User Guide, Chapter on Policy Configuration and Application Whitelisting.

• Question 244:

  An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?

  A. Deploy the device in transparent mode and enable the DHCP Server feature.
  B. Deploy the device in routed mode and enable the DHCP Relay feature.
  C. Deploy the device in transparent mode and allow DHCP traffic in the access control policies.
  D. Deploy the device in routed mode and allow DHCP traffic in the access control policies.
  B. Deploy the device in routed mode and enable the DHCP Relay feature.

  ---

  By deploying the device in routed mode, the FTD acts as a Layer 3 device, allowing it to route traffic between different VLANs, including the Finance VLAN. This ensures that the FTD can provide protection for the financial data without requiring any changes to the end user workstations. Enabling the DHCP Relay feature on the FTD allows it to forward DHCP requests from the workstations on the Finance VLAN to the DHCP server. This ensures that the workstations can continue to obtain IP addresses through DHCP as they did before, without any disruption. The FTD acts as a relay agent, forwarding the DHCP traffic between the workstations and the DHCP server.

• Question 245:

  An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic. How would the engineer achieve this?

  A. Configure Cisco Firepower as a transparent firewall.
  B. Set up Cisco Firepower as managed by Cisco FDM.
  C. Configure Cisco Firepower in FXOS monitor only mode.
  D. Set up Cisco Firepower in intrusion prevention mode.
  A. Configure Cisco Firepower as a transparent firewall.

• Question 246:

  Administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

  A. by running Wireshark on the administrator's PC.
  B. by performing a packet capture on the firewall.
  C. by running a packet tracer on the firewall.
  D. by attempting to access it from a different workstation.
  B. by performing a packet capture on the firewall.

• Question 247:

  An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?

  A. Prefilter
  B. Intrusion
  C. Access Control
  D. Identity
  C. Access Control

• Question 248:

  When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?

  A. block
  B. retry
  C. replace
  D. blockflow
  B. retry

  ---

  When packet capture is used on a Cisco Secure Firewall Threat Defense (FTD) device and the packet flow is waiting on the malware query, the Snort verdict appears as "retry." This indicates that the device is still processing the malware analysis and has not yet determined the final action for the packet. The "retry" verdict signifies that the packet is in a holding state while awaiting the result of the malware inspection, which helps in maintaining the security posture until a definitive decision is made. References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Packet Capture and Malware Inspection.

• Question 249:

  An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?

  A. Exclude load balancers and NAT devices.
  B. Leave default networks.
  C. Increase the number of entries on the NAT device.
  D. Change the method to TCP/SYN.
  A. Exclude load balancers and NAT devices.

  ---

  https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Network_Discovery_Policies.html

• Question 250:

  Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?

  A. fpcollect
  B. dhclient
  C. sfmgr
  D. sftunnel
  D. sftunnel