Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 11 out of 12 pages
Viewing questions 101-110 out of questions
Questions # 101:

Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)

Options:

A.

Cisco ASA 5500 Series

B.

Cisco FMC

C.

Cisco AMP

D.

Cisco Stealthwatch

E.

Cisco ASR 7200 Series

Questions # 102:

Question # 102

A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

Options:

A.

Inspect DNS traffic

B.

Block NetBIOS.

C.

Block Internal Explorer

D.

Inspect TCP port 80 traffic

Questions # 103:

Refer to the exhibit.

Question # 103

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion. Which action will mitigate this risk?

Options:

A.

Use SSL decryption to analyze the packets.

B.

Use encrypted traffic analytics to detect attacks

C.

Use Cisco AMP for Endpoints to block all SSL connection

D.

Use Cisco Tetration to track SSL connections to servers.

Questions # 104:

Question # 104

Refer to the exhibit. A Cisco Secure Firewall Management Center, 7.0 device fails to receive intelligence feed updates. The Cisco Secure Firewall Management Center is configured to use a proxy server that performs SSL inspection. Which action allows the Cisco Secure Firewall Management Center device to download the intelligence feed updates?

Options:

A.

Install a self-signed certificate on the proxy server for intelligence.sourcefire.com.

B.

Verify that the proxy server can use HTTPS to communicate to the internet.

C.

Ensure that proxy authentication is disabled for the Cisco Secure Firewall Management Center device.

D.

Bypass the proxy server for intelligence.sourcefire.com.

Questions # 105:

An engineer Is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection tor company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP lo obtain an IP address. How must the engineer deploy the device to meet this requirement?

Options:

A.

Deploy the device in routed mode and allow DHCP traffic in the access control policies.

B.

Deploy the device in routed made aid enable the DHCP Relay feature.

C.

Deploy the device in transparent mode and allow DHCP traffic in the access control policies

D.

Deploy the device in transparent mode and enable the DHCP Server feature.

Questions # 106:

An engineer is working on a LAN switch and has noticed that its network connection to the mime Cisco IPS has gone down Upon troubleshooting it is determined that the switch is working as expected What must have been implemented for this failure to occur?

Options:

A.

The upstream router has a misconfigured routing protocol

B.

Link-state propagation is enabled

C.

The Cisco IPS has been configured to be in fail-open mode

D.

The Cisco IPS is configured in detection mode

Questions # 107:

A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response Which step must be taken to resolve this issue without initiating traffic from the client?

Options:

A.

Use packet-tracer to ensure that traffic is not being blocked by an access list.

B.

Use packet capture to ensure that traffic is not being blocked by an access list.

C.

Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.

D.

Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

Questions # 108:

Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

Options:

A.

EIGRP

B.

OSPF

C.

static routing

D.

IS-IS

E.

BGP

Questions # 109:

In which two places can thresholding settings be configured? (Choose two.)

Options:

A.

on each IPS rule

B.

globally, within the network analysis policy

C.

globally, per intrusion policy

D.

on each access control rule

E.

per preprocessor, within the network analysis policy

Questions # 110:

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

Options:

A.

Enable Inspect Local Router Traffic

B.

Enable Automatic Application Bypass

C.

Configure Fastpath rules to bypass inspection

D.

Add a Bypass Threshold policy for failures

Viewing page 11 out of 12 pages
Viewing questions 101-110 out of questions