Cisco 300-710 Online Practice Questions and Exam Preparation

Cisco 300-710 Online Questions & Answers

• Question 271:

  An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

  A. server
  B. controller
  C. publisher
  D. client
  D. client

  ---

  https://www.ciscopress.com/articles/article.asp?p=2963461andseqNum=2

• Question 272:

  A company is deploying a Cisco Secure IPS device configured in inline mode with a single Interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two.)

  A. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces
  B. Modify the security zones used by the Cisco Secure IPS device
  C. Change the MTU for the inline set to at least 1518
  D. Reconfigure access rules to drop all but the first occurrence of the packet
  E. Reassign the interface pairs to separate inline sets
  B. Modify the security zones used by the Cisco Secure IPS device
  E. Reassign the interface pairs to separate inline sets

• Question 273:

  A network administrator is trying to configure Active Directory authentication for VPN authentication to a Cisco Secure Firewall Threat Defence instance that is registered with Cisco Secure Firewall Management Center. Which system settings must be configured first in Secure Firewall Management Center to accomplish the goal?

  A. Device, Remote Access VPN
  B. System, Realms
  C. Policies, Authentication
  D. Authentication, Device
  B. System, Realms

  ---

  Explanation To configure Active Directory authentication for VPN authentication on a Cisco Secure Firewall Threat Defense (FTD) instance registered with Cisco Secure Firewall Management Center (FMC), the administrator needs to configure Realms in the System settings of the FMC. Realms in FMC are used to define the directory servers (e.g., Active Directory) and how they are used for user authentication. Steps to configure this in FMC: Navigate to System > Integration > Realms and Directory. Add a new realm and configure the necessary details such as the directory server type (e.g., Active Directory), server address, and bind credentials. Test the connection to ensure it works correctly. This setup allows the FMC to authenticate VPN users against the Active Directory, thereby enabling secure access control for VPN connections. References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Realms Configuration.

• Question 274:

  Which command-line mode is supported from the Cisco Firepower Management Center CLI?

  A. privileged
  B. user
  C. configuration
  D. admin
  C. configuration

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/command_line_reference.pdf

• Question 275:

  An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not impacted by performance issues after deploying the access control policy. Which access control action rule must be configured to handle the VoIP traffic?

  A. block
  B. trust
  C. monitor
  D. allow
  B. trust

  ---

  To ensure that VoIP traffic in a contact center is not impacted by performance issues after deploying an access control policy on a Cisco Secure Firewall Threat Defense (FTD) device, the engineer should configure the access control rule with the "trust" action. The "trust" action allows traffic to bypass inspection and policy enforcement, ensuring that critical VoIP traffic is not delayed or degraded. Steps: In FMC, navigate to Policies > Access Control > Access Control Policy. Create a new rule or edit an existing rule. Set the source and destination for the VoIP traffic. Set the action to "trust" to ensure the VoIP traffic is not inspected. By configuring the rule with the "trust" action, the VoIP traffic will be prioritized, maintaining the quality and performance required for the contact center operations. References: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Access Control Policies and Traffic Management.

• Question 276:

  Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

  A. FlexConfig
  B. BDI
  C. SGT
  D. IRB
  D. IRB

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/new_features_and_functionality.html

• Question 277:

  Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

  A. The units must be the same version
  B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
  C. The units must be different models if they are part of the same series.
  D. The units must be configured only for firewall routed mode.
  E. The units must be the same model.
  A. The units must be the same version
  E. The units must be the same model.

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

• Question 278:

  Refer to the exhibit.

  

  What is the effect of the existing Cisco FMC configuration?

  A. The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.
  B. The managed device is deleted from the Cisco FMC.
  C. The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes plain-text communication channel.
  D. The management connection between the Cisco FMC and the Cisco FTD is disabled.
  D. The management connection between the Cisco FMC and the Cisco FTD is disabled.

• Question 279:

  A security engineer is deploying a pair of primary and secondary Cisco FMC devices. The secondary must also receive updates from Cisco Talos. Which action achieves this goal?

  A. Force failover for the secondary Cisco FMC to synchronize the rule updates from the primary.
  B. Configure the secondary Cisco FMC so that it receives updates from Cisco Talos.
  C. Manually import rule updates onto the secondary Cisco FMC device.
  D. Configure the primary Cisco FMC so that the rules are updated.
  D. Configure the primary Cisco FMC so that the rules are updated.

• Question 280:

  A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?

  A. Cisco Success Network
  B. Cisco Secure Endpoint Integration
  C. Threat Intelligence Director
  D. Security Intelligence Feeds
  C. Threat Intelligence Director