Cisco 300-710 Online Practice Questions and Exam Preparation
300-710 Exam Details
Exam Code: 300-710
Exam Name: Securing Networks with Cisco Firepower (SNCF)
Certification: CCNP Security
Vendor: Cisco
Total Questions: 433 Q&As
Last Updated: May 24, 2026
Cisco 300-710 Online Questions & Answers
Question 361:
What is a feature of Cisco AMP private cloud?
A. It disables direct connections to the public cloud.
B. It supports security intelligence filtering.
C. It supports anonymized retrieval of threat intelligence.
D. It performs dynamic analysis.
A. It disables direct connections to the public cloud.
Explanation: https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html
Question 362:
Remote users who connect via Cisco Secure Client to the corporate network behind a Cisco Secure Firewall Threat Defense device are reporting no audio on calls when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?
A. The hairpinning feature is not available on Cisco Secure Firewall Threat Defense
B. Cisco Secure Firewall Threat Defense needs a NAT policy that allows outside to outside communication
C. The Enable Spoke to Spoke Connectivity through Hub option is not selected on Cisco Secure Firewall Threat Defense
D. Split tunneling is enabled for the Remote Access VPN on Cisco Secure Firewall Threat Defense
B. Cisco Secure Firewall Threat Defense needs a NAT policy that allows outside to outside communication
Question 363:
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?
A. Cisco Firepower Threat Defense mode
B. transparent mode
C. routed mode
D. integrated routing and bridging
D. integrated routing and bridging
Question 364:
An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?
A. Deploy the device in routed mode and allow DHCP traffic in the access control policies.
B. Deploy the device in routed mode and enable the DHCP Relay feature.
C. Deploy the device in transparent mode and allow DHCP traffic in the access control policies
D. Deploy the device in transparent mode and enable the DHCP Server feature.
C. Deploy the device in transparent mode and allow DHCP traffic in the access control policies
Explanation: Transparent mode allows the FTD device to act as a "bump in the wire" that does not affect the IP addressing of the network. The end user workstations will not need any changes to their configuration, as they will still receive an IP address from the same DHCP server. However, the FTD device must allow DHCP traffic in the access control policies, otherwise it will block the DHCP requests and replies.
Question 365:
Refer to the exhibit
An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through the firewall. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is the problem?
A. The rule must specify the security zone that originates the traffic.
B. The rule is configured with the wrong setting for the source port.
C. The rule must define the source network for inspection as well as the port.
D. The action of the rule is set to trust instead of allow.
D. The action of the rule is set to trust instead of allow.
Question 366:
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?
A. Install the static backup route and modify the metric to be less than the primary route
B. Use a default route in the FMC instead of having multiple routes contending for priority
C. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated
D. Create the backup route and use route tracking on both routes to a destination IP address in the network
D. Create the backup route and use route tracking on both routes to a destination IP address in the network
Question 367:
DRAG DROP
Refer to the exhibit.
An engineer must configure a connection on a Cisco ASA Firewall with a Cisco Secure Firewall Services Module to ensure that the secondary interface takes over all the functions of the primary interface if the primary interface fails. Drag and drop the code snippets from the bottom onto the boxes in the CLI commands to configure the failover. Not all options are used.
Select and Place:
Question 368:
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
A. Traffic inspection is interrupted temporarily when configuration changes are deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
A. Traffic inspection is interrupted temporarily when configuration changes are deployed.
C. They block traffic based on Security Intelligence data.
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Access_Control_Using_Intrusion_and_File_Policies.html
Question 369:
An engineer is configuring a Cisco Secure Firewall Threat Defense device and wants to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a line that identifies the author of the rule and the date it was created?
A. gtp_info
B. metadata
C. reference
D. content
B. metadata
Explanation: When creating a new intrusion rule in a Cisco Secure Firewall Threat Defense (FTD) device, the keyword type "metadata" must be used to add a line that identifies the author of the rule and the date it was created. The metadata keyword is used to store additional information about the rule, such as authorship and creation date.
Steps:
1. In FMC, navigate to Policies > Intrusion > Rules.
2. Create a new rule or edit an existing one.
3. Use the "metadata" keyword to add information about the author and date.
Example: metadata: created_at 2023-06-15, author "John Doe";
By using the metadata keyword, you ensure that the rule contains relevant information for tracking its creation and authorship, which is essential for maintaining rule documentation and accountability.
References: Cisco Secure Firewall Management Center Intrusion Policy Guide, Chapter on Custom Rule Creation and Metadata Usage.
Question 370:
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?
A. AD Trust certificates are missing from the Secure FTD device.
B. Multifactor authentication is not supported on Secure FMC managed devices.
C. The internal AD server is unreachable from the Secure FTD device.
D. Duo trust certificates are missing from the Secure FTD device.
D. Duo trust certificates are missing from the Secure FTD device.
Explanation: If users report that Cisco Duo 2FA fails when attempting to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device, and the VPN troubleshooting log in FMC shows an error indicating that the Cisco Duo AAA server has been marked as failed, the root cause is likely missing Duo trust certificates on the FTD device. Trust certificates are essential for establishing a secure and trusted connection between the FTD and the Duo authentication service.
Steps:
1. Obtain the necessary Duo trust certificates.
2. Install the certificates on the FTD device.
3. Verify the configuration to ensure that the FTD device can properly communicate with the Duo AAA server.
This resolves the authentication failure by ensuring that the FTD device can trust the Duo server.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Certificate Management.