
Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Viewing page 2 out of 12 pages
Viewing questions 11-20 out of questions
Questions # 11:

A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP. VPN traffic is not working. Which action resolves this issue?

Options:

A. Set the allow action in the access policy to trust.

B. Enable IPsec inspection on the access policy.

C. Modify the NAT policy to use the interface PAT.

D. Change the access policy to allow all ports.

Questions # 12:

An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC, to which the engineer has access. Which action in Cisco FMC grants access to the CLI for the device?

Options:

A. Export the configuration using the Import/Export tool within Cisco FMC.

B. Create a backup of the configuration within the Cisco FMC.

C. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.

D. Download the configuration file within the File Download section of Cisco FMC.

Questions # 13:

A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?

Options:

A. Connectivity Over Security

B. Security Over Connectivity

C. Maximum Detection

D. Balanced Security and Connectivity

Questions # 14:

An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the internet.

Which configuration will meet this requirement?

Options:

A. transparent firewall mode with IRB only

B. routed firewall mode with BVI and routed interfaces

C. transparent firewall mode with multiple BVIs

D. routed firewall mode with routed interfaces only

Questions # 15:

Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?

Options:

A. show running-config

B. show tech-support chassis

C. system support diagnostic-cli

D. sudo sf_troubleshoot.pl

Questions # 16:

A network administrator is deploying a new Cisco Secure Firewall Threat Defense (FTD) firewall. After Cisco Secure FTD is deployed, inside clients have intermittent connectivity to each other. When … the packet capture on the Secure FTD firewall, the administrator sees that Secure FTD is responding to all the ARP requests on the inside network. Which action must the network administrator take to resolve the issue?

Options:

A. Review NAT policy and disable incorrect proxy ARP configuration.

B. Hardcode the MAC address of the FTD to IP mapping on client machines.

C. Review the access policy and verify that ARP is allowed from inside to inside.

D. Convert the FTD to transparent mode to allow ARP requests.

Questions # 17:

What is a method used by Cisco Rapid Threat Containment to contain the threat in the network?

Options:

A. change of authentication

B. share context data

C. TACACS+

D. trustsec segmentation

Questions # 18:

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

Options:

A. Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

B. Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

C. Use the packet tracer tool to determine at which hop the packet is being dropped.

D. Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Questions # 19:

Which interface type allows packets to be dropped?

Options:

A. passive

B. inline

C. ERSPAN

D. TAP

Questions # 20:

What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

Options:

A. 1024

B. 8192

C. 4096

D. 2048
