Cisco 300-710 Online Practice Questions and Exam Preparation

Cisco 300-710 Online Questions & Answers

• Question 351:

  Refer to the exhibit.

  

  An engineer is configuring a high-availability solution that has the hardware devices and software versions:

  1.

  two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)

  2.

  one Cisco Secure Firewall Threat Defense with 6.0 1 1 (build 1023)

  3.

  one Cisco Secure Firewall Management Center with SW 6 0.1.1 (build 1023) Which condition must be met to complete the high-availability configuration?

  A. Both firewalls must be in transparent mode
  B. The version numbers must have the same patch number
  C. DHCP must be configured on at least one firewall interface.
  D. Both firewalls must have the same number of interfaces
  D. Both firewalls must have the same number of interfaces

  ---

  Explanation Explanation/Reference:In a high-availability (HA) setup for Cisco Secure Firewall devices, both firewalls in the HA pair must have identical configurations, which includes having the same number of interfaces with matching names, IP addresses, and settings. This requirement ensures that both devices can function seamlessly as primary and secondary units, allowing for smooth failover without configuration mismatches. For HA to work properly, each firewall must have the same interface configuration to ensure that both units can handle traffic in the same way when a failover event occurs. If the primary device fails, the secondary device needs to have identical interface configurations to take over immediately.

• Question 352:

  A network administrator is concerned about (he high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?

  A. Create an intrusion policy and set the access control policy to block.
  B. Create an intrusion policy and set the access control policy to allow.
  C. Create a file policy and set the access control policy to allow.
  D. Create a file policy and set the access control policy to block.
  D. Create a file policy and set the access control policy to block.

• Question 353:

  Which report template field format is available in Cisco FMC?

  A. box lever chart
  B. arrow chart
  C. bar chart
  D. benchmark chart
  C. bar chart

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Reports.html

• Question 354:

  While configuring FTD, a network engineer wants to ensure that traffic passing though the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?

  A. inline set
  B. passive
  C. transparent
  D. inline tap
  A. inline set

  ---

  Explanation Explanation/Reference:An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the FTD to be installed in any network environment without the configuration of adjacent network devices.

• Question 355:

  An engineer has been tasked with performing an audit of network objects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series) deployed throughout the company. Which tool will assist the engineer in performing that audit?

  A. Cisco Firepower Device Manager
  B. Cisco Defense Orchestrator
  C. Cisco Secure Firewall Management Center
  D. Cisco SecureX
  B. Cisco Defense Orchestrator

  ---

  Cisco Defense Orchestrator (CDO) is the tool that assists engineers in performing an audit of network projects to determine which objects are duplicated across various firewall models, including Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series. CDO provides a unified management interface for managing multiple security devices and can identify duplicate objects across these devices. Steps: Access Cisco Defense Orchestrator. Connect and synchronize all relevant firewall devices (FTD, ASA, Meraki MX). Use the audit and reporting features in CDO to identify and manage duplicate objects. This helps ensure consistency and efficient management across the organization's firewall deployments. References: Cisco Defense Orchestrator Documentation, Chapter on Device Management and Object Auditing.

• Question 356:

  An administrator configures a Cisco Secure Firewall Threat Defense device in transparent mode. To configure the BVI (Bridge Virtual Interface), the administrator must:

  Add a bridge-group interface Configure a bridge-group ID Configure the bridge-group interface description Add bridge-group member interfaces

  How must the engineer perform these actions?

  A. Configure a name for the bridge-group interface
  B. Set a security zone for the bridge-group interface
  C. Set the bridge-group interface mode to transparent
  D. Configure an IP address for the bridge-group interface
  D. Configure an IP address for the bridge-group interface

• Question 357:

  A network administrator reviews the attack risk report and notices several low-impact attacks. What does this type of attack indicate?

  A. All attacks are listed as low until manually recategorized.
  B. The host is not vulnerable to those attacks.
  C. The host is not within the administrator's environment.
  D. The attacks are not dangerous to the network.
  D. The attacks are not dangerous to the network.

• Question 358:

  A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?

  A. Use packet-tracer to ensure that traffic is not being blocked by an access list.
  B. Use packet capture to ensure that traffic is not being blocked by an access list.
  C. Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.
  D. Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.
  D. Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

• Question 359:

  What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?

  A. Add at least two container instances from the same module.
  B. Set up a cluster control link between all logical devices.
  C. Define VLAN subinterfaces for each logical device.
  D. Add one shared management interface on all logical devices.
  D. Add one shared management interface on all logical devices.

  ---

  https://www.cisco.com/c/en/us/td/docs/security/asa/asa915/asdm715/general/asdm-715-general-config/intro-logical-devices.html

• Question 360:

  Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

  A. apex
  B. plus
  C. base
  D. mobility
  B. plus

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html#concept_DE1C38E055794B198ED352D1528B5182