Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-710
300-710 Questions and Answers

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 10 out of 12 pages

Viewing questions 91-100 out of questions

Questions # 91:

A network administrator is configuring an instance of Cisco Secure Firewall Threat Defense, which is registered to Cisco Secure Firewall Management Center, to prevent internal users from downloading executable files from the internet. What must be created and configured by the administrator to meet the requirement?

Options:

Access policy rule that allows users to reach the internet and assigns a file policy that blocks executable downloads to the rule.

File policy that blocks downloads of all executable files and applies the file policy to the default action in the access policy.

File policy rule that allows users to reach the internet with a second rule applied that blocks application use of FTP.

Access policy rule that allows users to reach the internet with a second rule that blocks application executables.

Answer

Questions # 92:

Which object type supports object overrides?

Options:

time range

security group tag

network object

DNS server group

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053, , ]

Questions # 93:

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?

Options:

Specify the BVl IP address as the default gateway for connected devices.

Enable routing on the Cisco Firepower

Add an IP address to the physical Cisco Firepower interfaces.

Configure a bridge group in transparent mode.

Answer

Explanation

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices. However, like any other firewall, access control between interfaces is controlled, and all of the usual firewall checks are in place. Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the ASA uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks. In transparent mode, these bridge groups cannot communicate with each other.https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.html

Questions # 94:

Refer to the exhibit.

An engineer is modifying an access control policy to add a rule to Inspect all DNS traffic that passes it making the change and deploying the policy, they see that DNS traffic Is not being Inspected by the Snort engine. What is......

Options:

The action of the rule is set to trust instead of allow.

The rule must specify the security zone that originates the traffic.

The rule Is configured with the wrong setting for the source port.

The rule must define the source network for inspection as well as the port.

Answer

Questions # 95:

An organization is configuring a new Cisco Firepower High Availability deployment. Which actionmust be taken to ensure that failover is as seamless as possible to end users?

Options:

Set up a virtual failover MAC address between chassis.

Use a dedicated stateful link between chassis.

Load the same software version on both chassis.

Set the same FQDN for both chassis.

Answer

Questions # 96:

An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network.

The user is reporting that the file is not malicious.

Which action does the engineer take to identify the file and validate whether or not it is malicious?

Options:

identify the file in the intrusion events and submit it to Threat Grid for analysis.

Use FMC file analysis to look for the file and select Analyze to determine its disposition.

Use the context explorer to find the file and download it to the local machine for investigation.

Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.

Answer

Questions # 97:

An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco388267669. Which command set must be used in order to accomplish this?

Options:

configure manager add ACME001

configure manager add ACME0O1

configure manager add DONTRESOLVE AMCE001

configure manager add registration key> ACME001

Answer

Questions # 98:

Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?

Options:

Add the malicious file to the block list.

Send a snapshot to Cisco for technical support.

Forward the result of the investigation to an external threat-analysis engine.

Wait for Cisco Threat Response to automatically block the malware.

Answer

Questions # 99:

A network engineer is tasked with minimising traffic interruption during peak traffic limes. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?

Options:

Enable IPS inline link state propagation

Enable Pre-filter policies before the SNORT engine failure.

Set a Trust ALL access control policy.

Enable Automatic Application Bypass.

Answer

Questions # 100:

An engineer must configure a new identity policy in Cisco Firepower Management Center. Active authentication must be configured by using a Kerberos connection. Which two realms must be configured? (Choose two.)

Options:

Directory password

Active directory join password

Active directory primary domain

Active directory join username

Directory username

Answer

C, D

Viewing page 10 out of 12 pages

Viewing questions 91-100 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).