300-740 Exam Details

  • Exam Code
    :300-740
  • Exam Name
    :Designing and Implementing Secure Cloud Access for Users and Endpoints
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :61 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 300-740 Online Questions & Answers

  • Question 1:

    Refer to the exhibit.

    "default_policies": [

    {

    "action": "BLOCK",

    "priority": 100,

    "consumer_filter_ref": "__rootScope",

    "provider_filter_ref": "__workspaceScope",

    "l4_params": {

    "proto": 6 } } ]

    An engineer configured a default segmentation policy in Cisco Secure Workload to block SMTP traffic. During testing, it is observed that the SMTP traffic is still allowed.

    Which action must the engineer take to complete the configuration?

    A. Add "port": [25, 25] to _rootScope
    B. Add _SMTPScope to provider_filter_ref
    C. Add "port": [25, 25] to _params
    D. Change consumer_filter_ref to: _SMTPScope

  • Question 2:

    A security analyst detects an employee endpoint making connections to a malicious IP on the internet and downloaded a file named Test0511127691C.pdf. The analyst discovers the machine is infected by trojan malware. What must the analyst do to mitigate the threat using Cisco Secure Endpoint?

    A. Identify the malicious IPs and place them in a blocked list
    B. Create an IP Block list and add the IP address of the affected endpoint
    C. Enable scheduled scans to detect and block the executable files
    D. Start isolation of the machine on the Computers tab

  • Question 3:

    Refer to the exhibit.

    An engineer must connect an on-premises network to the public cloud using Cisco Umbrella as a Cloud Access Security Broker. The indicated configuration was applied to router R1; however, connectivity to Umbrella fails with this error: % OPENDNS-3- DNS_RES_FAILURE. Which action must be taken on R1 to enable the connection?

    A. Configure the Open DNS servers with the ip name-server command.
    B. Configure a DHCP scope using the ip dhcp pool command.
    C. Add the opendns in command to the interface configuration.
    D. Add the opendns out command to the interface configuration.

  • Question 4:

    Refer to the exhibit.

    An engineer must create a firewall policy to allow web server communication only. The indicated firewall policy was applied; however, a recent audit requires that all firewall policies be optimized. Which set of rules must be deleted?

    A. Rules 3 and 4
    B. Rules 2 to 4
    C. Rules 2 to 5
    D. Rules 1 and 5

  • Question 5:

    Refer to the exhibit.

    An engineer must provide HTTPS access from the Google Cloud Platform virtual machine to the on-premises mail server. All other connections from the virtual machine to the mail server must be blocked. The indicated rules were applied to the firewall; however, the virtual machine cannot access the mail server.

    Which two actions should be performed on the firewall to meet the requirement? (Choose two.)

    A. Set IP address 192.168.200.10 as the destination in rule 1.
    B. Move up rule 2.
    C. Set IP address 20.1.1.1 as the source in rule 1.
    D. Configure a NAT rule.
    E. Configure a security group.

  • Question 6:

    Refer to the exhibit.

    <0uput omitted> ! ASA_1(config)#vpn load-balancing ASA_1(config-load-balancing)#priority 10 ASA_1(config-load-balancing)#cluster key SecretKey01! ASA_1(config-load-balancing)#cluster ip address 30.1.1.1 ! <0uput omitted> !

    An engineer must configure VPN load balancing across two Cisco ASA. The indicated configuration was applied to each firewall; however, the load-balancing encryption scheme fails to work. Which two commands must be run on each firewall to meet the requirements? (Choose two.)

    A. cluster port 9024
    B. crypto ikev1 policy 1
    C. hash sha-256
    D. encryption aes 256
    E. cluster encryption

  • Question 7:

    An engineer configures trusted endpoints with Active Directory with Device Health to determine if an endpoint complies with the policy posture. After a week, an alert is received by one user, reporting problems accessing an application. When

    the engineer verifies the authentication report, this error is found:

    "Endpoint is not trusted because Cisco Secure Endpoint check failed, Check user's endpoint in Cisco Secure Endpoint."

    Which action must the engineer take to permit access to the application again?

    A. Verify the Cisco Secure Endpoint admin panel and approve the access to the user on the Management tab after a complete virus check of the user's laptop.
    B. Verify the Trusted Endpoints policy to verify the status of the machine, and after a complete process of analysis, permit the machine to have access to the application.
    C. Verify the Duo admin panel, check the EndPoints tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.
    D. Verify the Cisco Secure Endpoint admin panel, check the Inbox tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.

  • Question 8:

    Which mitigation technique does a web application firewall use to protect a web server against DDoS attacks?

    A. Source-specific ACL
    B. Standard ACL
    C. Packet filtering
    D. Rate-based rules

  • Question 9:

    DRAG DROP

    An engineer must configure certificate-based authentication in a cloud-delivered Cisco Secure Firewall Management Center. Drag and drop the steps from left to right to manually enroll certificates on a Cisco Secure Firewall Threat Defense Virtual device.

    Select and Place:

  • Question 10:

    What helps prevent drive-by compromise?

    A. Ad blockers
    B. VPN
    C. Incognito browsing
    D. Browsing known websites

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-740 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.